Overview
A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to gain sensitive information about the server configuration and environment.
Description
According to the ProCheckUp report, MailPost contains a vulnerability that may permit a remote attacker to gain sensitive information about the server configuration and environment. When the application is in debug mode, an attacker can retrieve sensitive configuration and environment information about the target machine by sending a *debug* query string to the script. Note that debug mode is enabled in the default configuration.
Impact
A remote attacker could use the disclosed information to learn sensitive details about the server's environment.
Solution
The CERT/CC is currently unaware of a practical solution to this problem.
This vulnerability may be mitigated by disabling the debug mode.
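One way to check whether such requests have already reached a server is to scan its access logs for requests to the MailPost script that carry a debug token in the query string. The following Python code is an added example, not part of the original note or of MailPost; the Common/Combined Log Format, the placeholder script name MAILPOST_SCRIPT_PLACEHOLDER and the sample log lines are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Placeholder: the note does not name the script's path; set it for your server.
SCRIPT_HINT = "MAILPOST_SCRIPT_PLACEHOLDER"

# Common/Combined Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Nov/2004:10:00:01 +0000] "GET /scripts/MAILPOST_SCRIPT_PLACEHOLDER?debug HTTP/1.0" 200 5120',
    '192.0.2.11 - - [03/Nov/2004:10:02:17 +0000] "GET /scripts/MAILPOST_SCRIPT_PLACEHOLDER?%44eBuG=1 HTTP/1.0" 200 5090',
    '198.51.100.7 - - [03/Nov/2004:10:05:44 +0000] "POST /scripts/MAILPOST_SCRIPT_PLACEHOLDER?form=contact HTTP/1.0" 200 310',
    '198.51.100.8 - - [03/Nov/2004:10:06:02 +0000] "GET /index.html?debug=1 HTTP/1.0" 200 1024',
]


def has_debug_token(query):
    """True if any URL-decoded query key or value contains 'debug'."""
    # Substring match, because the note does not give the exact syntax.
    # keep_blank_values keeps bare tokens such as "?debug" (key with no value).
    pairs = parse_qsl(query, keep_blank_values=True)
    return any("debug" in k.lower() or "debug" in v.lower() for k, v in pairs)


def find_debug_requests(lines, script_hint=SCRIPT_HINT):
    """Return (host, time, status) for each request to the script with a debug token."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        parts = urlsplit(m.group("target"))
        if script_hint.lower() not in unquote(parts.path).lower():
            continue  # request for some other resource
        if has_debug_token(parts.query):
            hits.append((m.group("host"), m.group("time"), int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for host, when, status in find_debug_requests(SAMPLE_LOG):
        print(f"{when} {host} status={status}")
```

Hits that keep appearing after debug mode has been disabled are worth reviewing alongside the response sizes in the same log lines.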
Acknowledgements
Thanks to ProCheckUp for reporting this vulnerability.
This document was written by Jason A Rafail and is based on information provided by ProCheckUp.
Other Information
CVE IDs: None
Severity Metric: 3.00
Date Public: 2004-11-03
Date First Published: 2004-11-03
Date Last Updated: 2004-11-03 15:57 UTC
Document Revision: 2