Vulnerability Description
viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icewarp | Web Mail | 3.3.2 |
| Merak | Mail Server | 7.4.5 |
References
- http://marc.info/?l=bugtraq&m=109483971420067&w=2
- http://secunia.com/advisories/12789PatchVendor Advisory
- http://www.securityfocus.com/bid/11371PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17976
- http://marc.info/?l=bugtraq&m=109483971420067&w=2
- http://secunia.com/advisories/12789PatchVendor Advisory
- http://www.securityfocus.com/bid/11371PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17976
FAQ
What is CVE-2004-1674?
CVE-2004-1674 is a vulnerability with a CVSS score of 7.5 (HIGH). viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move ar...
How severe is CVE-2004-1674?
CVE-2004-1674 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1674?
Check the references section above for vendor advisories and patch information. Affected products include: Icewarp Web Mail, Merak Mail Server.