Title: Captaris Infinite Mobile Delivery Webmail Path Disclosure Vulnerability
Severity: MODERATE
Description:
Captaris Infinite Mobile Delivery Webmail is a mobile wireless application that provides wireless access to enterprise information.
Infinite Mobile Delivery Webmail is reportedly affected by a path disclosure vulnerability. This issue could permit a malicious user to expose the root path of the affected application.
The issue presents itself when a user supplies an illegal Windows folder character or name in a URI such as <, >, *, :, \, /, com1, or com2.
Successful exploitation of this vulnerability may allow an attacker to gain sensitive information about the file system that may aid in launching more direct attacks against the system.
This issue was reported to affect Infinite Mobile Delivery Webmail version 2.6, however, other versions may also be vulnerable.
Affected Products:
- Captaris Infinite Mobile Delivery Webmail 2.6.0
References:
- Captaris: Captaris Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
