|
|
Family: CGI abuses --> Category: infos
MailEnable Web Mail Client Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks version of MailEnable
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote webmail service is affected by multiple issues.
Description :
The Web Mail Client bundled with the version of MailEnable installed
on the remote host reportedly fails to properly sanitize email
messages and various script parameters of malicious script code, which
can lead to cross-site scripting, cross-site request forgery, and
script insertion attacks against the affected software.
See also :
http://secunia.com/secunia_research/2007-38/advisory/
http://www.mailenable.com/Professional20-ReleaseNotes.txt
http://www.mailenable.com/Enterprise20-ReleaseNotes.txt
Solution :
Upgrade to MailEnable Professional Edition 1.85 / 2.37 or Enterprise
1.42 / 2.37 or later as they are rumoured to address the issues.
Threat Level:
Medium / CVSS Base Score : 5.6
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
