Vulnerability Description
The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Argosoft | Argosoft Mail Server | 1.8.7.6 |
References
- http://marc.info/?l=bugtraq&m=111419001527077&w=2
- http://www.osvdb.org/15822
- http://www.securityfocus.com/bid/13323
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20228
- http://marc.info/?l=bugtraq&m=111419001527077&w=2
- http://www.osvdb.org/15822
- http://www.securityfocus.com/bid/13323
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20228
FAQ
What is CVE-2005-1284?
CVE-2005-1284 is a vulnerability with a CVSS score of 7.5 (HIGH). The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP P...
How severe is CVE-2005-1284?
CVE-2005-1284 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1284?
Check the references section above for vendor advisories and patch information. Affected products include: Argosoft Argosoft Mail Server.