| VID |
12062 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The MailEnable HTTPMail service is vulnerable to a denial-of-service attack triggered by a malformed Authorization header. MailEnable is a POP3 and SMTP server for Microsoft Windows platforms. The Professional edition of MailEnable includes an additional mail access service called HTTPMail. HTTPMail is a mail access protocol based on WebDAV that lets you access mail on the server without downloading it (as is often the case with POP). MailEnable Professional Edition versions 1.18 and earlier are vulnerable because of a flaw in the HTTPMail service, MEHTTPS.exe. An HTTP request with a malformed Authorization header causes a NULL pointer dereference that crashes the HTTPMail service.
* References:
  * http://archives.neohapsis.com/archives/bugtraq/2004-05/0159.html
  * http://www.oliverkarow.de/research/MailWebHTTPAuthCrash.txt
* Platforms Affected:
  * MailEnable Pty. Ltd, MailEnable Professional Edition 1.18 and earlier
  * Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of MailEnable Professional (1.19 or later), available from the MailEnable Web site at http://mailenable.com/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |