Directory Traversal Vulnerability in Barracuda Spam Firewall
CVE-2006-4000

Currently unrated

Key Information:

Vendor: Barracuda Networks
Status: Barracuda Spam Firewall
Vendor: CVE Published:; 5 August 2006

🔔 Create Barracuda Networks Vulnerability Alert

What is CVE-2006-4000?

A directory traversal vulnerability in the cgi-bin/preview_email.cgi script of Barracuda Spam Firewall versions 3.3.01.001 to 3.3.03.053 enables remote authenticated users to access arbitrary files on the server. By manipulating the file parameter with a '..' (dot dot) sequence, attackers can exploit this flaw to disclose sensitive information that should be restricted, potentially compromising system integrity and user privacy.

References

http://www.vupen.com/english/advisories/2006/3104

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/21258

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/19276

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 5, 2006
Vulnerability Reserved
Aug 4, 2006

JSON