Summary
The remote host is running the ArGoSoft WebMail interface.
There are multiple flaws in this interface which may allow an attacker to bypass authentication, inject HTML in the e-mails read by the users and even to read arbitrary files on that server.
*** OVS solely relied on the banner of this service to issue *** this alert.
Solution
Upgrade to ArGoSoft 1.8.7.0 or newer
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Ampache Reflected Cross Site Scripting Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache Struts Directory Traversal Vulnerability
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability