Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2004-1720
HistoryAug 17, 2004 - 4:00 a.m.

CVE-2004-1720

2004-08-1704:00:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
21
cve-2004-1720
merak mail server
information disclosure
remote attack

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.031 Low

EPSS

Percentile

91.0%

JSON

The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.

Related

nessus 1
openvas 2
nessus
nessus
Merak Webmail / IceWarp Web Mail < 5.2.8 Multiple Vulnerabilities
2004-08-26 00:00:00
openvas
openvas
Multiple Vulnerabilities in Merak Webmail / IceWarp Web Mail
2005-11-03 00:00:00
Merak Webmail / IceWarp Web Mail < 7.5.2 Multiple Vulnerabilities
2005-11-03 00:00:00

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.031 Low

EPSS

Percentile

91.0%

JSON
Related for CVE-2004-1720
nessus1openvas2