Vulnerability Description
Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icewarp | Web Mail | 5.4.2 |
| Merak | Mail Server | 8.0.3 |
References
- http://marc.info/?l=bugtraq&m=111530933016434&w=2
- http://secunia.com/advisories/15249Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20469
- http://marc.info/?l=bugtraq&m=111530933016434&w=2
- http://secunia.com/advisories/15249Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20469
FAQ
What is CVE-2005-1489?
CVE-2005-1489 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html,...
How severe is CVE-2005-1489?
CVE-2005-1489 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1489?
Check the references section above for vendor advisories and patch information. Affected products include: Icewarp Web Mail, Merak Mail Server.