VID | 22393
Severity | 40
Port | 8089
Protocol | TCP
Class | WWW
Detailed Description |
The FTGate Mail server is vulnerable to a cross-site scripting vulnerability in the 'index.fts' script. FTGate is a commercial groupware mail server for Windows platforms, developed by FTGate Technology. FTGate 4.4 (build 4.4.002) and earlier versions are affected by multiple remote vulnerabilities. These issues are identified as buffer overflow, format string, and cross-site scripting vulnerabilities. Successful exploitation of the buffer overflow and format string vulnerabilities could result in a denial of service or execution of arbitrary code in the context of the affected server process. An attacker may leverage the cross-site scripting issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
* References:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040390.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040391.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040392.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040393.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1017.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1018.html
http://www.frsirt.com/english/advisories/2005/3010
http://www.frsirt.com/english/reference/3059
http://www.frsirt.com/english/reference/3058
http://www.frsirt.com/english/reference/3057
http://www.frsirt.com/english/reference/3055
* Platforms Affected: FTGate Technology Ltd. FTGate 4.4 (build 4.4.002) and earlier versions; Microsoft Windows, any version |
Recommendation |
No upgrade or patch available as of March 2006.
Upgrade to the latest version of FTGate when a new version that fixes this problem becomes available from the FTGate Web site at http://www.ftgate.com/ |
Related URL |
CVE-2005-4567,CVE-2005-4568,CVE-2005-4569 (CVE) |
Related URL |
15972 (SecurityFocus) |
Related URL |
23707,23708,23733 (ISS) |