Family: Denial of Service --> Category: infos
Kerio MailServer Webmail Resource Exhaustion Vulnerability Scan
Vulnerability Scan Summary: Checks for Kerio MailServer < 6.0.9
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote mail server is prone to a denial of service attack.
Description :
According to its banner, the remote host is running a version of Kerio
MailServer prior to 6.0.9. Such versions may be subject to hangs or
high CPU usage when malformed email messages are viewed through its
WebMail component. An attacker may be able to leverage this issue to deny
service to legitimate users simply by sending a specially crafted
message and having that message viewed by someone using Kerio WebMail.
See also :
http://www.kerio.com/kms_history.html
Solution :
Upgrade to Kerio MailServer 6.0.9 or newer.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:NR/C:N/A:P/I:N/B:N)