MERCUR Mailserver Local Traversal Arbitrary File Access

Medium Nessus Plugin ID 10382


The remote IMAP server has a directory traversal vulnerability.


According to its banner, the version of MERCUR Messaging running on the remote host has a directory traversal vulnerability. An authenticated, remote attacker could exploit this to read or write arbitrary files on the system.


Upgrade to the latest version of this software.

See Also

Plugin Details

Severity: Medium

ID: 10382

File Name: mercure_imap_read_any_file.nasl

Version: $Revision: 1.18 $

Type: remote

Family: Misc.

Published: 2000/04/25

Modified: 2016/11/18

Dependencies: 10125, 17975

Risk Information

Risk Factor: Medium


Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:ND

Vulnerability Information

Excluded KB Items: imap/false_imap

Vulnerability Publication Date: 2000/04/13

Reference Information

CVE: CVE-2000-0318

BID: 1144

OSVDB: 290