Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1720


Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1720
Last Modified 10 Sep 2008 03:31:51
Published 17 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.

Vulnerable Systems


  • Merak Mail Server 7.4.5


XF - merak-address-calendar-path-disclosure(17027)

BID - 10966

OSVDB - 9043

SECUNIA - 12269


BUGTRAQ - 20040817 Vulnerabilities in Merak Webmail Server

SECTRACK - 1010969

Last Updated: 27 May 2016 10:39:09