| VID |
22340 |
| Severity |
30 |
| Port |
4096,32000 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The target host is running a version of the IceWarp/Merak Web Mail server that has multiple vulnerabilities. Merak Mail Server is a high-performance, Windows-based secure Internet mail and groupware server. Merak Mail Server versions 7.5.2 and earlier, with IceWarp Web Mail versions 7.5.2 and earlier, are affected by the following vulnerabilities:
1) Multiple cross-site scripting vulnerabilities
2) An HTML injection vulnerability
3) A PHP source code disclosure vulnerability
4) An SQL injection vulnerability
* References:
http://www.merakmailserver.com/Products/Merak_Mail_Server/
http://www.securitytracker.com/alerts/2004/Aug/1010969.html
http://www.osvdb.org/displayvuln.php?osvdb_id=9037
http://www.osvdb.org/displayvuln.php?osvdb_id=9038
http://www.osvdb.org/displayvuln.php?osvdb_id=9039
http://www.osvdb.org/displayvuln.php?osvdb_id=9040
http://www.osvdb.org/displayvuln.php?osvdb_id=9041
http://www.osvdb.org/displayvuln.php?osvdb_id=9042
http://www.osvdb.org/displayvuln.php?osvdb_id=9043
http://www.osvdb.org/displayvuln.php?osvdb_id=9044
http://www.osvdb.org/displayvuln.php?osvdb_id=9045
* Platforms Affected:
IceWarp Software: IceWarp Web Mail versions 5.2.7 and earlier
Merak Mail Server, Inc.: Merak Mail Server versions 7.5.2 and earlier
Microsoft Windows: Any version |
| Recommendation |
Upgrade to the latest version of Merak Webmail / IceWarp Web Mail (5.2.8 or later) or Merak Mail Server (7.5.2 or later), available from the Merak Mail Server Software Download Web page at http://www.merakmailserver.com/Download/ |
| Related URL |
CVE-2004-1719,CVE-2004-1720,CVE-2004-1721,CVE-2004-1722 (CVE) |
| Related URL |
10966 (SecurityFocus) |
| Related URL |
17022,17024,17027,17029 (ISS) |
|