|
|
Family: CGI abuses --> Category: denial
MailEnable HTTPMail Service Content-Length Overflow Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for Content-Length Overflow Vulnerability in MailEnable HTTPMail Service
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by a buffer overflow vulnerability.
Description :
The target is running at least one instance of MailEnable that has a
flaw in the HTTPMail service (MEHTTPS.exe) in the Professional and
Enterprise Editions. The flaw can be exploited by issuing an HTTP GET
with an Content-Length header exceeding 100 bytes, which causes a
fixed-length buffer to overflow, crashing the HTTPMail service and
possibly allowing for arbitrary code execution.
See also :
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1314.html
Solution :
Upgrade to MailEnable Professional / Enterprise 1.2 or later or apply
the HTTPMail hotfix from 9th August 2004 found at
http://www.mailenable.com/hotfix/
Threat Level:
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
