Summary
This host is running MailScan for Mail Servers, which is prone to multiple vulnerabilities.
Impact
Successful remote exploitation allows an attacker to gain unauthorized access, disclose sensitive information, conduct directory traversal and cross-site scripting attacks, and execute arbitrary script code within the context of the website to steal cookie-based authentication credentials.
Impact Level: Application
Solution
Upgrade to MicroWorld MailScan Version 6.4a or later.
For updates refer to http://www.mwti.net/
Insight
Multiple flaws are due to:
- an input validation error within the web administration interface.
- the web administration interface not properly restricting access to certain pages, which can cause an authentication-bypass vulnerability.
- input passed via URL to the web administration interface not being properly sanitized before being returned to the user.
Affected
MicroWorld MailScan for Mail Servers 5.6a and prior versions.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-3726
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache Struts2 showcase namespace XSS Vulnerability
- Apache Subversion Module Metadata Accessible
- Apache Archiva Cross Site Request Forgery Vulnerability