Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1720

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1720
Last Modified 10 Sep 2008 03:31:51
Published 17 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1720

Summary

The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.

Vulnerable Systems

Application

  • Merak Mail Server 7.4.5


References

XF - merak-address-calendar-path-disclosure(17027)

BID - 10966

OSVDB - 9043

SECUNIA - 12269

MISC - http://packetstormsecurity.nl/0408-exploits/merak527.txt

BUGTRAQ - 20040817 Vulnerabilities in Merak Webmail Server

SECTRACK - 1010969


Last Updated: 27 May 2016 10:39:09