ID CVE-2004-1720
Summary The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
References
Vulnerable Configurations
  • cpe:2.3:a:merak:mail_server:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:merak:mail_server:7.4.5:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 10966
bugtraq 20040817 Vulnerabilities in Merak Webmail Server
misc http://packetstormsecurity.nl/0408-exploits/merak527.txt
osvdb 9043
sectrack 1010969
secunia 12269
xf merak-address-calendar-path-disclosure(17027)
Last major update 11-07-2017 - 01:31
Published 17-08-2004 - 04:00
Last modified 11-07-2017 - 01:31
Back to Top