Vulnerabilities > CVE-2004-2334 - Multiple vulnerability in Emumail EMU Webmail 5.2.7

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
emumail
nessus
exploit available
NVD
Published: 2004-12-31
Updated: 2017-07-11

Summary

Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.

Vulnerable Configurations

Part Description Count
Application
Emumail
1

Exploit-Db

descriptionEmumail EMU Webmail 5.2.7 emumail.fcgi Multiple Parameter XSS. CVE-2004-2334 . Webapps exploit for cgi platform
idEDB-ID:23810
last seen2016-02-02
modified2004-03-12
published2004-03-12
reporterdr_insane
sourcehttps://www.exploit-db.com/download/23810/
titleEmumail EMU Webmail 5.2.7 emumail.fcgi Multiple Parameter XSS

Nessus

NASL familyCGI abuses
NASL idEMUMAIL_MULTIPLE_VULNS.NASL
descriptionAccording to its version number, the remote host is running a vulnerable version of EMUMAIL WebMail. There are several vulnerabilities in this version, ranging from information disclosure to cross-site scripting vulnerabilities. These issues may allow an attacker to trick a logged-in user into providing access to this system.
last seen2020-06-01
modified2020-06-02
plugin id12095
published2004-03-14
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/12095
titleEmumail WebMail Multiple Remote Vulnerabilities (XSS, Disc)
code
#
# (C) Tenable Network Security, Inc.
# 


include("compat.inc");


if(description)
{
 script_id(12095);
 script_cve_id("CVE-2004-2334", "CVE-2004-2385");
 script_bugtraq_id(9861);
 
 script_version("1.23");

 script_name(english:"Emumail WebMail Multiple Remote Vulnerabilities (XSS, Disc)");
 script_summary(english:"version test for Emumail");
 
 script_set_attribute(attribute:"synopsis",value:
"A webmail application running on the remote host has multiple
vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"According to its version number, the remote host is running a
vulnerable version of EMUMAIL WebMail.

There are several vulnerabilities in this version, ranging 
from information disclosure to cross-site scripting vulnerabilities. 
These issues may allow an attacker to trick a logged-in user 
into providing access to this system." );
 script_set_attribute(
   attribute:"solution", 
   value:"Upgrade to the latest version of this software."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:ND/RC:ND");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/03/14");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/03/11");
 script_cvs_date("Date: 2018/06/14 12:21:47");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"CGI abuses");
 
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");

 script_dependencie("find_service1.nasl", "http_version.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");

 exit(0);
}

# Check starts here

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


function check(dir, port)
{
  local_var req, res;

  req = string(dir, "/emumail.fcgi");
  res = http_send_recv3(method:"GET", item:req, port:port);
  if (isnull(res)) exit(0);

  if ("Powered by EMU Webmail" >< res[2])
   {
    if ( egrep(pattern:"(Powered by|with) EMU Webmail ([0-4]\.|5\.([01]\.|2\.[0-7][^0-9]))", string:res[2]) ) {
	security_warning(port);
	set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
	exit(0);
    }
   }
 return(0);
}


#
# Execution begins here
#
port = get_http_port(default:80);

foreach dir ( cgi_dirs() )
{
 check(dir:dir, port:port);
}

References