VID 18114
Severity 30
Port 110
Protocol TCP
Class POP3
Detailed Description A version of Alt-N MDaemon POP3 Server older than 12.5.7 was detected running on the host. Alt-N MDaemon is an SMTP/POP/IMAP server for Microsoft Windows operating systems. The remote webmail client has a cross-site scripting vulnerability.

- Input supplied in the body of an email is not properly sanitized before being presented to the user. Specially crafted email messages that exploit this error contain CSS expression properties with comments inside 'STYLE' attributes of image or other elements. Another method is to use the 'innerHTML' attribute in XML documents. This is a persistent cross-site scripting issue.
- Input supplied via unspecified vectors is not properly sanitized before being presented to the user.

* Note: This check relies solely on the banner of the remote POP3 server to assess this vulnerability, so the result might be a false positive.

* References:
http://files.altn.com/MDaemon/Release/relnotes_en.html

* Platforms Affected:
Alt-N Technologies, Inc., MDaemon versions prior to 12.5.7
Recommendation Upgrade to the latest version of MDaemon (12.5.7 or later), available from the Alt-N Technologies Web site at http://www.altn.com/Downloads/ExistingCustomers/
Related URL CVE-2012-2584 (CVE)
Related URL 54885 (SecurityFocus)
Related URL (ISS)