CVE-2005-1657

Name of the Vulnerable Software and Affected Versions Mercur Messaging 2005 SP2

Description The issue allows remote attackers to perform unauthorized file operations. This can be achieved via several API endpoints, including (1) "deletefolder.ctml", (2) "deletemessage.ctml", (3) "origmessage.ctml", or (4) "readmessage.ctml" using the Folder.Id parameter, the "editmessage.ctml" endpoint using the Message.Id parameter, or the "messages.ctml" endpoint using the Message.Command parameter.

Recommendations For Mercur Messaging 2005 SP2, consider restricting access to the vulnerable API endpoints "deletefolder.ctml", "deletemessage.ctml", "origmessage.ctml", "readmessage.ctml", "editmessage.ctml", and "messages.ctml" to minimize the risk of exploitation. Avoid using the Folder.Id, Message.Id, and Message.Command parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.