CVE-2007-2231
CVSS 4.3 - MEDIUM
Description
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
Affected Products
37| Vendor | Product | Version |
|---|---|---|
| dovecot | dovecot |
1.0.beta1
|
| dovecot | dovecot |
1.0.beta2
|
| dovecot | dovecot |
1.0.beta3
|
| dovecot | dovecot |
1.0.beta4
|
| dovecot | dovecot |
1.0.beta5
|
| dovecot | dovecot |
1.0.beta6
|
| dovecot | dovecot |
1.0.beta7
|
| dovecot | dovecot |
1.0.beta8
|
| dovecot | dovecot |
1.0.beta9
|
| dovecot | dovecot |
1.0.rc1
|
| dovecot | dovecot |
1.0.rc2
|
| dovecot | dovecot |
1.0.rc3
|
| dovecot | dovecot |
1.0.rc4
|
| dovecot | dovecot |
1.0.rc5
|
| dovecot | dovecot |
1.0.rc6
|
| dovecot | dovecot |
1.0.rc7
|
| dovecot | dovecot |
1.0.rc8
|
| dovecot | dovecot |
1.0.rc9
|
| dovecot | dovecot |
1.0.rc10
|
| dovecot | dovecot |
1.0.rc11
|
| dovecot | dovecot |
1.0.rc12
|
| dovecot | dovecot |
1.0.rc13
|
| dovecot | dovecot |
1.0.rc14
|
| dovecot | dovecot |
1.0.rc15
|
| dovecot | dovecot |
1.0.rc16
|
| dovecot | dovecot |
1.0.rc17
|
| dovecot | dovecot |
1.0.rc18
|
| dovecot | dovecot |
1.0.rc19
|
| dovecot | dovecot |
1.0.rc20
|
| dovecot | dovecot |
1.0.rc21
|
| dovecot | dovecot |
1.0.rc22
|
| dovecot | dovecot |
1.0.rc23
|
| dovecot | dovecot |
1.0.rc24
|
| dovecot | dovecot |
1.0.rc25
|
| dovecot | dovecot |
1.0.rc26
|
| dovecot | dovecot |
1.0.rc27
|
| dovecot | dovecot |
1.0.rc28
|
References
Weakness Types
NVD-CWE-Other
CVE Information
- CVE ID:
CVE-2007-2231- Published:
- 2007-04-25
- Modified:
- 2026-04-23
- CVSS Score:
- 4.3
- Severity:
- MEDIUM
- Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
Affected Vendors
dovecot
Quick Actions
CVSS Severity Scale
0.0 - 3.9
LOW
4.0 - 6.9
MEDIUM
7.0 - 8.9
HIGH
9.0 - 10.0
CRITICAL