MailEnable HTTPMail Service Authorization Header DoS Vulnerability Network Vulnerability

Summary

The remote web server is affected by a denial of service flaw. Description : The remote host is running an instance of MailEnable that has a flaw in the HTTPMail service (MEHTTPS.exe) in the Professional and Enterprise Editions. The flaw can be exploited by issuing an HTTP request with a malformed Authorization header, which causes a NULL pointer dereference error and crashes the HTTPMail service.

Solution

Upgrade to MailEnable Professional / Enterprise 1.19 or later.

References

http://archives.neohapsis.com/archives/bugtraq/2004-05/0159.html
http://www.oliverkarow.de/research/MailWebHTTPAuthCrash.txt

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

aeNovo Database Content Disclosure Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
Apache Subversion Module Metadata Accessible
Apache ActiveMQ Multiple Vulnerabilities
Ampache Reflected Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities