Vulnerability Description
HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and application crash). NOTE: This is a different vulnerability than CVE-2005-1348.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mailenable | Mailenable | 1.18 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0159.html
- http://secunia.com/advisories/11588PatchVendor Advisory
- http://www.oliverkarow.de/research/MailWebHTTPAuthCrash.txt
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0159.html
- http://secunia.com/advisories/11588PatchVendor Advisory
- http://www.oliverkarow.de/research/MailWebHTTPAuthCrash.txt
FAQ
What is CVE-2004-2726?
CVE-2004-2726 is a vulnerability with a CVSS score of 5.0 (MEDIUM). HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and applic...
How severe is CVE-2004-2726?
CVE-2004-2726 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2726?
Check the references section above for vendor advisories and patch information. Affected products include: Mailenable Mailenable.