Summary
The remote server is running at least one instance of IMP whose version number is between 2.0 and 3.2.3 inclusive. Such versions are vulnerable to a cross-site scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code simply by reading a MIME message with a specially crafted Content-Type header.
For information about the vulnerability, including exploits, see:
- http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt
- http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
Note: OVS has determined that the vulnerability exists on the target simply by looking at the version number of IMP installed there; it has not attempted to actually exploit the vulnerability.
Solution
Upgrade to IMP version 3.2.4 or later.
Severity
Classification
- CVE: CVE-2004-0584
- CVSS Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Apache Struts2 showcase namespace XSS Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities