| VID |
22306 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Ipswitch IMail Server, according to its banner, has multiple Denial of Service Vulnerabilities.
Ipswitch IMail Server is a Web-based mail server for Microsoft Windows operating systems. IMail Server versions prior to 8.13 are vulnerable to the following denial of service attack:
- IMail Queue Manager 'Sender' Field DoS: a remote attacker could cause the server to crash, caused by a overly long 'sender' field in the Queue Manager.
- IMail Web Calendar Malformed Content DoS: a remote attacker could cause the server to crash, caused by a calendar entries with specific content in the Web Calendaring.
- IMail Web Messaging 'To:' Line DoS: a remote attacker could cause the server to crash, caused by a overly long "To:" line in the Web Messaging.
* Note: This check solely relied on the banner of Web server to assess this vulnerability, so this might be a false positive.
* References:
http://securitytracker.com/alerts/2004/Sep/1011146.html
http://www.osvdb.org/displayvuln.php?osvdb_id=9552
http://www.osvdb.org/displayvuln.php?osvdb_id=9553
http://www.osvdb.org/displayvuln.php?osvdb_id=9554
http://secunia.com/advisories/12453/
* Platforms Affected:
Ipswitch, Inc., IMail Server prior to 8.13
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of IMail Server (8.13 or later), available from the Ipswitch Web page at http://www.ipswitch.com/support/imail/releases/imail_professional/im813.html |
| Related URL |
CVE-2004-2422 (CVE) |
| Related URL |
11106 (SecurityFocus) |
| Related URL |
17219,17220,17222 (ISS) |
|
