CVE-2007-2231

Name: CVE-2007-2231
Creator: NVD / NIST
Published: 2007-04-25T15:19:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.12%

Last modified Jun 16, 2026

CVE-2007-2231 is a vulnerability of currently unknown severity. Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.. EPSS estimates a 2.12% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.

Metrics

EPSS Probability

2.12%

79.6th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Dovecot	Dovecot	1.0.beta1
Dovecot	Dovecot	1.0.beta2
Dovecot	Dovecot	1.0.beta3
Dovecot	Dovecot	1.0.beta4
Dovecot	Dovecot	1.0.beta5
Dovecot	Dovecot	1.0.beta6
Dovecot	Dovecot	1.0.beta7
Dovecot	Dovecot	1.0.beta8
Dovecot	Dovecot	1.0.beta9
Dovecot	Dovecot	1.0.rc1
Dovecot	Dovecot	1.0.rc2
Dovecot	Dovecot	1.0.rc3
Dovecot	Dovecot	1.0.rc4
Dovecot	Dovecot	1.0.rc5
Dovecot	Dovecot	1.0.rc6
Dovecot	Dovecot	1.0.rc7
Dovecot	Dovecot	1.0.rc8
Dovecot	Dovecot	1.0.rc9
Dovecot	Dovecot	1.0.rc10
Dovecot	Dovecot	1.0.rc11
Dovecot	Dovecot	1.0.rc12
Dovecot	Dovecot	1.0.rc13
Dovecot	Dovecot	1.0.rc14
Dovecot	Dovecot	1.0.rc15
Dovecot	Dovecot	1.0.rc16
Dovecot	Dovecot	1.0.rc17
Dovecot	Dovecot	1.0.rc18
Dovecot	Dovecot	1.0.rc19
Dovecot	Dovecot	1.0.rc20
Dovecot	Dovecot	1.0.rc21
Dovecot	Dovecot	1.0.rc22
Dovecot	Dovecot	1.0.rc23
Dovecot	Dovecot	1.0.rc24
Dovecot	Dovecot	1.0.rc25
Dovecot	Dovecot	1.0.rc26
Dovecot	Dovecot	1.0.rc27
Dovecot	Dovecot	1.0.rc28

References

Timeline

Published: Apr 25, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-2231?

How severe is CVE-2007-2231?

Severity scoring for CVE-2007-2231 is pending analysis. The EPSS model estimates a 2.12% probability of exploitation in the next 30 days.

How do I fix CVE-2007-2231?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-2231?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST