Overview
A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to verify the existence of files anywhere on the local system.
Description
According to the ProCheckUp report, MailPost contains a vulnerability that may permit a remote attacker to verify the existence of files anywhere on the server's filesystem. By sending a malformed HTTP GET query string to the script, an attacker can determine whether or not a file is present on the target machine.
Impact
This information could be used to determine sensitive information about the server's environment.
Solution
The CERT/CC is currently unaware of a practical solution to this problem.
It may be possible to mitigate this vulnerability by modifying the information returned in error messages.
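The mitigation above, sketched as an added example (not MailPost code and not from the ProCheckUp report): a constructed handler whose error text depends on whether the file exists, beside one that returns a single generic response for every failure and keeps the reason in a server-side log. The handler names, the `.tpl` template rule and the directory layout are assumptions made for illustration.

```python
import os
import tempfile

GENERIC_ERROR = (400, "Invalid request.")  # one status and body for every failure

def leaky_handler(base_dir, name):
    # Constructed "before" case: the error text differs by file existence.
    path = os.path.join(base_dir, name)
    if not os.path.isfile(path):
        return (404, "File not found: " + path)
    if not name.endswith(".tpl"):
        return (403, "Not a template: " + path)
    with open(path) as fh:
        return (200, fh.read())

def uniform_handler(base_dir, name, log):
    # Resolve the name, confine it to base_dir, and collapse every failure
    # into GENERIC_ERROR; the reason is written to the server-side log only.
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, name))
    try:
        if os.path.commonpath([base, path]) != base:
            raise PermissionError("outside template directory")
        if not name.endswith(".tpl"):
            raise PermissionError("not a template")
        with open(path) as fh:
            return (200, fh.read())
    except (OSError, ValueError) as exc:
        log.append(f"{name!r}: {exc}")
        return GENERIC_ERROR

def demo():
    # Constructed layout: one template directory and one file outside it.
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "templates")
        os.mkdir(base)
        with open(os.path.join(base, "form.tpl"), "w") as fh:
            fh.write("ok")
        with open(os.path.join(root, "secret.txt"), "w") as fh:
            fh.write("x")
        present, absent = "../secret.txt", "../missing.txt"
        log = []
        return {
            "leaky_differs": leaky_handler(base, present) != leaky_handler(base, absent),
            "uniform_same": uniform_handler(base, present, log) == uniform_handler(base, absent, log),
            "valid": uniform_handler(base, "form.tpl", log),
            "logged": len(log),
        }
```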
Acknowledgements
Thanks to ProCheckUp for reporting this vulnerability.
This document was written by Jason A Rafail and is based on information provided by ProCheckUp.
Other Information
CVE IDs: None
Severity Metric: 3.00
Date Public: 2004-11-03
Date First Published: 2004-11-03
Date Last Updated: 2004-11-03 15:51 UTC
Document Revision: 4