Vulnerabilities > CVE-2004-1672 - Unspecified vulnerability in Icewarp web Mail 3.3.2/5.2.7/5.2.8
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN icewarp
nessus
Summary
attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family | CGI abuses |
NASL id | ICEWARP_WEBMAIL_VULNS.NASL |
description | The remote host is running IceWarp Web Mail - a webmail solution available for the Microsoft Windows platform. The remote version of this software is vulnerable to multiple input validation issues that could allow an attacker to compromise the integrity of the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15469 |
published | 2004-10-13 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15469 |
title | IceWarp Web Mail Multiple Flaws (1) |
code |
|
References
- http://marc.info/?l=bugtraq&m=109483971420067&w=2
- http://marc.info/?l=bugtraq&m=109483971420067&w=2
- http://secunia.com/advisories/12789
- http://secunia.com/advisories/12789
- http://www.securityfocus.com/bid/11371
- http://www.securityfocus.com/bid/11371
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17316
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17316