Family: Denial of Service --> Category: denial
MailEnable HTTPMail Service GET Overflow Vulnerability Scan
Vulnerability Scan Summary: Checks for a GET overflow vulnerability in the MailEnable HTTPMail service.
Detailed Explanation for this Vulnerability Test:
The target is running at least one instance of MailEnable -
http://www.mailenable.com/ - that has a flaw in the HTTPMail service
(MEHTTPS.exe) in the Professional and Enterprise Editions. The flaw
can be exploited by issuing an HTTP request exceeding 4045 bytes (8500
if logging is disabled), which causes a heap buffer overflow, crashing
the HTTPMail service and possibly allowing for arbitrary code
execution.
Solution: Upgrade to MailEnable Professional / Enterprise 1.19 or
later.
Threat Level: High