| VID |
21369 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The IlohaMail, according to its version number, has a password disclosure vulnerability. IlohaMail is a webmail package written in PHP. IlohaMail versions prior to 0.7.0 contain a potential password disclosure problem when database information is not saved in the session table.
* Note: This check solely relied on the version number of the remote IlohaMail software to assess this vulnerability, so this might be a false positive.
* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=7401
* Platforms Affected:
IlohaMail versions prior to 0.7.0
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of IlohaMail (0.7.0 or later), available from the IlohaMail Download site at http://sourceforge.net/projects/ilohamail/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
