MailEnable Professional HTTPMail Content-Length: Overflow

2004-07-30T08:06:37
ID OSVDB:8301
Type osvdb
Reporter CoolICE(CoolICE@China.com)
Modified 2004-07-30T08:06:37

Description

Vulnerability Description

MailEnable Professional contains a flaw that may allow a remote denial of service. The issue is triggered by a request to the webmail service on port 8080 that contains an overflow in the "Content-Length:" header field, and results in loss of availability for the webmail service.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, MailEnable Pty. Ltd. has released a patch to address this vulnerability.

References:

Vendor URL: http://www.mailenable.com/
Vendor Specific Solution URL: http://www.mailenable.com/hotfix
Security Tracker: 1010837
Secunia Advisory ID: 12218
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1314.html
ISS X-Force ID: 16863
Generic Exploit URL: http://packetstormsecurity.nl/0408-exploits/mailenable.txt
Bugtraq ID: 10838