Vulnerability Description
accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icewarp | Web Mail | 3.3.2 |
References
- http://marc.info/?l=bugtraq&m=109483971420067&w=2
- http://secunia.com/advisories/12789ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/11371PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17317
- http://marc.info/?l=bugtraq&m=109483971420067&w=2
- http://secunia.com/advisories/12789ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/11371PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17317
FAQ
What is CVE-2004-1673?
CVE-2004-1673 is a vulnerability with a CVSS score of 7.5 (HIGH). accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid paramet...
How severe is CVE-2004-1673?
CVE-2004-1673 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1673?
Check the references section above for vendor advisories and patch information. Affected products include: Icewarp Web Mail.