Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses : XSS --> Category: infos

Open WebMail Content-Type XSS Vulnerability Scan


Vulnerability Scan Summary
Checks for Content-Type XSS flaw in Open WebMail

Detailed Explanation for this Vulnerability Test

The target is running at least one instance of Open WebMail whose
version is 2.32 or earlier. Such versions are vulnerable to a
cross-site scripting attack whereby an attacker can cause a victim to
unknowingly run arbitrary JavaScript code by reading a MIME message
with a specially crafted Content-Type or Content-Description header.
For further information, see:

http://www.openwebmail.org/openwebmail/download/cert/advisories/SA-04:05.txt
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt

***** Nessus has ascertained that the vulnerability exists on the target
***** simply by looking at the version number of Open WebMail
***** installed there.

Solution : Upgrade to Open WebMail version 2.32 20040603 or later.

Threat Level: Medium


VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
