Summary
The remote host is running Winmail Server.
Winmail Server is an enterprise class mail server software system offering a robust feature set, including extensive security measures. Winmail Server supports SMTP, POP3, IMAP, Webmail, LDAP, multiple domains, SMTP authentication, spam protection, anti-virus protection, SSL/TLS security, Network Storage, remote access, Web-based administration, and a wide array of standard email options such as filtering, signatures, real-time monitoring, archiving, and public email folders.
Three scripts that come with the program (chgpwd.php, domain.php and user.php) allow a remote attacker to disclose sensitive information about the remote host.
Solution
Upgrade to the latest version of this software
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- Apache Tomcat Information Disclosure Vulnerability
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- An Image Gallery Multiple Cross-Site Scripting Vulnerability