PT-2005-2487 · Icewarp · Merak Mail Server+1

Shineshadow

Publicado

2005-05-11

Atualizado

2017-07-11

CVE-2005-1491

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Merak Mail Server version 8.0.3 with Icewarp Web Mail version 5.4.2

Description: The issue allows remote authenticated users to perform certain unauthorized actions. This includes moving their home directory via "viewaction.html" or moving arbitrary files via the importfile parameter to "importaction.html".

Recommendations: For Merak Mail Server version 8.0.3 with Icewarp Web Mail version 5.4.2, consider restricting access to "viewaction.html" and "importaction.html" until a fix is available, and limit the use of the importfile parameter to prevent arbitrary file movement.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-1491

Produtos afetados

Icewarp Web Mail

Merak Mail Server

PT-2005-2487 · Icewarp · Merak Mail Server+1

CVE-2005-1491

Identificadores relacionados

Produtos afetados

Referências · 4