Vulnerability Description
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Merak | Mail Server | 7.4.5 |
References
- http://marc.info/?l=bugtraq&m=109279057326044&w=2
- http://packetstormsecurity.nl/0408-exploits/merak527.txtExploitPatchVendor Advisory
- http://secunia.com/advisories/12269ExploitPatchVendor Advisory
- http://securitytracker.com/id?1010969
- http://www.osvdb.org/9043ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/10966ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17027
- http://marc.info/?l=bugtraq&m=109279057326044&w=2
- http://packetstormsecurity.nl/0408-exploits/merak527.txtExploitPatchVendor Advisory
- http://secunia.com/advisories/12269ExploitPatchVendor Advisory
- http://securitytracker.com/id?1010969
- http://www.osvdb.org/9043ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/10966ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17027
FAQ
What is CVE-2004-1720?
CVE-2004-1720 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation pa...
How severe is CVE-2004-1720?
CVE-2004-1720 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1720?
Check the references section above for vendor advisories and patch information. Affected products include: Merak Mail Server.