Vulnerabilities > CVE-2004-2572 - Remote Installation Path Disclosure vulnerability in Amax Information Technologies Magic Winmail Server 3.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://members.lycos.co.uk/r34ct/main/ldaplib/ldaplib.php%20reveal%20local%20path%20of%20Winmail%203.6%20webmail%20directory.txt
- http://secunia.com/advisories/11015
- http://www.magicwinmail.net/download/english-help.chm
- http://www.osvdb.org/4118
- http://www.securityfocus.com/bid/9786
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15361