CVE-2004-1101

Name of the Vulnerable Software and Affected Versions: MailPost versions 5.1.1sv and earlier

Description: The issue allows remote attackers to cause a denial of service, leak sensitive pathname information, and execute a cross-site scripting (XSS) attack. This is achieved via an HTTP request containing a backslash and arbitrary webscript before the requested file. The resulting error message leaks the pathname and does not properly quote the script, leading to potential XSS exploitation.

Recommendations: For MailPost versions 5.1.1sv and earlier, consider restricting access to the mailpost.exe executable until a patch is available. As a temporary workaround, avoid using the backslash character in HTTP requests to minimize the risk of exploitation.