Summary
The remote server is running at least one instance of IMP whose version number is between 2.0 and 3.2.3 inclusive. Such versions are vulnerable to a cross-site scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code simply by reading a MIME message with a specially crafted Content-Type header.
For information about the vulnerability, including exploits, see:
- http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt
- http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
Note: OVS has determined the vulnerability exists on the target simply by looking at the version number of IMP installed there; it has not attempted to actually exploit the vulnerability.
Solution
Upgrade to IMP version 3.2.4 or later.
Severity
Classification
- CVE: CVE-2004-0584
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P