| VID |
21881 |
| Severity |
40 |
| Port |
80,6080, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Web server is running a version of Winmail Server which is older than 4.3. Winmail Server is a commercial mail server including extensive security measures for Microsoft Windows platforms. Winmail Server version 4.2 (build 0824) and possibly other versions are vulnerable to multiple vulnerabilities, which can be exploited by a remote attacker to conduct cross-site scripting and script insertion attacks, and overwrite arbitrary files.
* Note: This check solely relied on the version number of Winmail Server on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.frsirt.com/english/advisories/2005/2485
http://www.frsirt.com/english/advisories/2006/0858
http://secunia.com/advisories/16665
http://secunia.com/secunia_research/2005-58/advisory/
* Platforms Affected:
AMAX Information Technologies Inc., Winmail Server 4.2 (build 0824) and earlier versions
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Winmail Server (4.3 (Build 0302)), available from the Winmail Server Download Web site at http://www.magicwinmail.net/download.asp |
| Related URL |
CVE-2006-1250 (CVE) |
| Related URL |
17009 (SecurityFocus) |
| Related URL |
23132,23140 (ISS) |
|
