Lucene search

[email protected]CVE-2008-3728

HistoryAug 20, 2008 - 4:41 p.m.

CVE-2008-3728

2008-08-2016:41:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-3728

mailscan

microworld technologies

web based administration

access control

remote attack

information disclosure

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.7%

JSON

Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/.

Affected configurations

NVD

Node

microworld_technologiesmailscanMatch5.6.a

CPENameOperatorVersion
microworld_technologies:mailscanmicroworld technologies mailscaneq5.6.a

CPE	Name	Operator	Version
microworld_technologies:mailscan	microworld technologies mailscan	eq	5.6.a

References

marc.info/?l=bugtraq&m=121881329424635&w=2

secunia.com/advisories/31534

securityreason.com/securityalert/4172

www.oliverkarow.de/research/mailscan.txt

www.securityfocus.com/bid/30700

exchange.xforce.ibmcloud.com/vulnerabilities/44518

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2008-3728

cvelist1 nvd1 prion1