Family: CGI abuses --> Category: denial
MailEnable HTTPMail Service Content-Length Overflow Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for Content-Length Overflow Vulnerability in MailEnable HTTPMail Service
Detailed Explanation for this Vulnerability Test
The remote web server is affected by a buffer overflow vulnerability.
The target is running at least one instance of MailEnable that has a
flaw in the HTTPMail service (MEHTTPS.exe) in the Professional and
Enterprise Editions. The flaw can be exploited by issuing an HTTP GET
with an Content-Length header exceeding 100 bytes, which causes a
fixed-length buffer to overflow, crashing the HTTPMail service and
possibly allowing for arbitrary code execution.
See also :
Upgrade to MailEnable Professional / Enterprise 1.2 or later or apply
the HTTPMail hotfix from 9th August 2004 found at
Critical / CVSS Base Score : 10
Click HERE for more information and discussions on this network vulnerability scan.