CVE-2002-1005 - Denial of Service vulnerability in ArGoSoft Mail Server 1.8.1.5/1.8.1.6/1.8.1.7
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Nessus
NASL family | CGI abuses |
NASL id | ARGOSOFT_MULTIPLE_FLAWS.NASL |
description | The remote host is running the ArGoSoft WebMail interface. The version found on the remote host is reportedly affected by multiple remote vulnerabilities: (1) A directory traversal vulnerability could allow remote users access to all files on the host. (2) A denial of service vulnerability exists which could allow remote attackers with regular user privileges to create a mail-loop condition that will consume all system resources. (3) An HTML injection vulnerability caused by a failure to properly sanitize HTML from email messages. (4) An authentication bypass vulnerability due to the free-ware version of ArGoSoft failing to carry out sufficient authentication before granting access to the user management interface. (5) A denial of service vulnerability in the free-ware version. An attacker can exploit this by attempting to create a new user using a name of excessive length. Nessus solely relied on the banner of this service to issue this alert. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11659 |
published | 2003-05-28 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11659 |
title | ArGoSoft Mail Server Multiple Remote Vulnerabilities (XSS, DoS, Traversal) |