MailPost Debug Mode System Information Disclosure

2004-11-03T06:50:01
ID OSVDB:11411
Type osvdb
Reporter Gemma Hughes (gemma.hughes@procheckup.com)
Modified 2004-11-03T06:50:01

Description

Vulnerability Description

MailPost contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a specially crafted request using the debug query string is sent to a server with debug mode enabled (the default setting). The response discloses server information (the folder that contains the web files and the server version), resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/scripts/mailpost.exe?debug=''
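
Because no patch or workaround is listed, reviewing web server logs for this request is one way to see whether the debug output has been requested. The following is an added example, not part of the original advisory: it scans access-log lines for requests to mailpost.exe that carry a debug query parameter. The Common Log Format layout, the case-insensitive matching and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed layout: Common/Combined Log Format, request line in double quotes.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_mailpost_debug(target):
    """True if the request target is mailpost.exe with a 'debug' query parameter."""
    parts = urlsplit(target)
    # Decode %xx and lower-case: Windows web servers ignore path case.
    path = unquote(parts.path).lower()
    if not path.endswith("/mailpost.exe"):
        return False
    # keep_blank_values: the parameter counts even when its value is empty.
    params = parse_qsl(parts.query, keep_blank_values=True)
    # Assumption: parameter name compared case-insensitively to be conservative.
    return any(name.lower() == "debug" for name, _ in params)

def find_debug_requests(lines):
    """Return (client_ip, request_target, status) for every matching log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_mailpost_debug(m.group("target")):
            hits.append((m.group("ip"), m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Nov/2004:06:50:01 +0000] '
    '"GET /scripts/mailpost.exe?debug=\'\' HTTP/1.0" 200 512',
    '192.0.2.11 - - [03/Nov/2004:06:51:12 +0000] '
    '"GET /scripts/MailPost.EXE?Debug= HTTP/1.0" 200 498',
    '192.0.2.12 - - [03/Nov/2004:06:52:40 +0000] '
    '"POST /scripts/mailpost.exe HTTP/1.0" 200 120',
    '192.0.2.13 - - [03/Nov/2004:06:53:05 +0000] '
    '"GET /index.html?debug=1 HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for ip, target, status in find_debug_requests(SAMPLE_LOG):
        print(f"{ip} requested {target} (status {status})")
```

A 200 status on a flagged line means the server answered the request, so the response body may have included the path and version details described above.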

References:

Vendor URL: http://www.mcenter.com/mailpost/
Security Tracker: 1012070
Secunia Advisory ID: 13093
Related OSVDB ID: 11410
Related OSVDB ID: 11413
Related OSVDB ID: 11412
Other Advisory URL: http://www.procheckup.com/security_info/vuln_pr0409.html
Keyword: ProCheckUp Security Bulletin PR04-09
ISS X-Force ID: 17952
CVE-2004-1103
CERT VU: 858726