Summary
This host is running MailScan for Mail Servers, which is prone to multiple vulnerabilities.
Impact
Successful remote exploitation allows an attacker to gain unauthorized access, disclose sensitive information, conduct directory traversal and cross-site scripting attacks, and execute arbitrary script code within the context of the website to steal cookie-based authentication credentials.
Impact Level: Application
Solution
Upgrade to MicroWorld MailScan Version 6.4a or later.
For updates refer to http://www.mwti.net/
Insight
Multiple flaws are due to:
- an input validation error within the web administration interface.
- the web administration interface does not properly restrict access to certain pages, which can cause an authentication-bypass vulnerability.
- an input passed via URL to the web administration interface is not properly sanitized before being returned to the user.
Affected
MicroWorld MailScan for Mail Servers 5.6a and prior versions.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-3726
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Apache mod_proxy_ajp Information Disclosure Vulnerability
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- Apache ActiveMQ Source Code Information Disclosure Vulnerability
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities