CVE-2005-4559

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-4559
mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows remote attackers to access arbitrary files via a request with an unrecognized User Agent that also specifies the desired default_layout and layout_settings parameters.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://marc.info/?l=full-disclosure&m=113570229524828&w=2
http://secunia.com/advisories/17046 Patch Vendor Advisory
http://secunia.com/advisories/17865
http://secunia.com/secunia_research/2005-62/advisory/ Vendor Advisory
http://securityreason.com/securityalert/299
http://securitytracker.com/id?1015412
http://www.osvdb.org/22082
http://www.securityfocus.com/archive/1/420255/100/0/threaded
http://www.securityfocus.com/bid/16069
https://exchange.xforce.ibmcloud.com/vulnerabilities/23907
http://marc.info/?l=full-disclosure&m=113570229524828&w=2
http://secunia.com/advisories/17046 Patch Vendor Advisory
http://secunia.com/advisories/17865
http://secunia.com/secunia_research/2005-62/advisory/ Vendor Advisory
http://securityreason.com/securityalert/299
http://securitytracker.com/id?1015412
http://www.osvdb.org/22082
http://www.securityfocus.com/archive/1/420255/100/0/threaded
http://www.securityfocus.com/bid/16069
https://exchange.xforce.ibmcloud.com/vulnerabilities/23907
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:deerfield:visnetic_mail_server:8.3.0_build1:*:*:*:*:*:*:*
cpe:2.3:a:icewarp:web_mail:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:merak:mail_server:8.3.0r:*:*:*:*:*:*:*
History

21 Nov 2024, 00:04

Type Values Removed Values Added
References () http://marc.info/?l=full-disclosure&m=113570229524828&w=2 - () http://marc.info/?l=full-disclosure&m=113570229524828&w=2 -
References () http://secunia.com/advisories/17046 - Patch, Vendor Advisory () http://secunia.com/advisories/17046 - Patch, Vendor Advisory
References () http://secunia.com/advisories/17865 - () http://secunia.com/advisories/17865 -
References () http://secunia.com/secunia_research/2005-62/advisory/ - Vendor Advisory () http://secunia.com/secunia_research/2005-62/advisory/ - Vendor Advisory
References () http://securityreason.com/securityalert/299 - () http://securityreason.com/securityalert/299 -
References () http://securitytracker.com/id?1015412 - () http://securitytracker.com/id?1015412 -
References () http://www.osvdb.org/22082 - () http://www.osvdb.org/22082 -
References () http://www.securityfocus.com/archive/1/420255/100/0/threaded - () http://www.securityfocus.com/archive/1/420255/100/0/threaded -
References () http://www.securityfocus.com/bid/16069 - () http://www.securityfocus.com/bid/16069 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/23907 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/23907 -
Information

Published : 2005-12-28 11:03

Updated : 2024-11-21 00:04

NVD link : CVE-2005-4559

Mitre link : CVE-2005-4559

CVE.ORG link : CVE-2005-4559

JSON object : View

Products Affected

deerfield

  • visnetic_mail_server

merak

  • mail_server

icewarp

  • web_mail
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024