PT-2008-5088 · Microworld · Mailscan

Published: 2008-08-20 · Updated: 2017-08-08 · CVE-2008-3728

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MailScan version 5.6.a espatch 1

Description

The issue concerns the Web Based Administration in MailScan, where sensitive information is stored under the web root with insufficient access control. This allows remote attackers to obtain sensitive data, including the installation path, IP addresses, and error messages, by making direct requests to files under the LOG/ directory.

Recommendations

For MailScan version 5.6.a espatch 1, consider restricting access to the LOG/ directory to minimize the risk of exploitation. As a temporary workaround, limit direct requests to files under this directory until a more permanent solution is available.

Related Identifiers

CVE-2008-3728

Affected Products

Mailscan