Lucene search

[email protected]CVE-2005-1489

HistoryMay 11, 2005 - 4:00 a.m.

CVE-2005-1489

2005-05-1104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-1489

vulnerability

merak mail server

icewarp web mail

remote

authenticated

path disclosure

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.1%

JSON

Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html.

CPENameOperatorVersion
merak:mail_servermerak mail servereq8.0.3
icewarp:web_mailicewarp web maileq5.4.2

CPE	Name	Operator	Version
merak:mail_server	merak mail server	eq	8.0.3
icewarp:web_mail	icewarp web mail	eq	5.4.2

References

marc.info/?l=bugtraq&m=111530933016434&w=2

secunia.com/advisories/15249

exchange.xforce.ibmcloud.com/vulnerabilities/20469

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.1%

JSON