Summary
The target is running at least one instance of IlohaMail version 0.7.9-RC2 or earlier. Such versions do not properly check the upload path for file attachments, which may allow an attacker to place a file on the target in a location writable by the web user if the file-based backend is in use.
For a discussion of this vulnerability, see :
http://ilohamail.org/forum/view_thread.php?topic_id=5&id=561
***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number of IlohaMail ***** installed there.
Solution
Upgrade to IlohaMail version 0.7.9 or later.
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Apache Solr Directory Traversal Vulnerability Jan-14
- Advanced Image Hosting Cross Site Scripting Vulnerability
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability