|
Family: CGI abuses --> Category: attack
VisNetic / Merak Mail Server multiple flaws Vulnerability Scan
Vulnerability Scan Summary Checks for VisNetic Mail Server arbitrary script include
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote webmail server is affected by multiple vulnerabilities
which may allow a possible hacker to execute arbitrary commands on the remote
host.
Description:
The remote host is running VisNetic / Merak Mail Server, a
multi-featured mail server for Windows.
The webmail and webadmin services included in the remote version of
this software are prone to multiple flaws. A possible hacker could send
specially-crafted URLs to execute arbitrary scripts, perhaps taken
from third-party hosts, or to disclose the content of files on the
remote system.
See also :
http://secunia.com/secunia_research/2005-62/advisory/
http://www.deerfield.com/download/visnetic-mailserver/
Solution :
Upgrade to Merak Mail Server 8.3.5.r / VisNetic Mail Server version
8.3.5 or later.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|