SAINT Corporation
SAINT:CF5E2526636204EBA97DB4060C80A5FC
Nov 25, 2013 - 12:00 a.m.

PineApp Mail-SeCure confnetworking.html nsserver command execution

2013-11-25 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.004
Percentile: 75.1%

Added: 11/25/2013
CVE: CVE-2013-6830
BID: 63817
OSVDB: 100029

Background

PineApp Mail-SeCure is an e-mail security appliance which provides perimeter security protection to stop threats prior to their penetration of the customer’s network, as well as post-perimeter anti-spam content inspection.

Problem

A vulnerability in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands contained in the **nsserver** parameter in a request for the **confnetworking.html** script.

Resolution

Restrict access to ports 7080 and 7443.
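
A log review that supports the resolution above, as an added example that is not part of the SAINT advisory: it flags requests for confnetworking.html that arrive from outside the management networks or carry an nsserver value that is not a literal IP address. The log format, ADMIN_NETS, the sample lines, and the assumptions that nsserver is visible in the query string and normally holds a name server IP address are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: networks that are allowed to reach the admin interface (7080/7443).
ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/24")]

# Assumption: combined-log-style lines from a proxy or tap in front of the appliance.
LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "\S+ (?P<target>\S+) [^"]*"')

def is_plain_address(value):
    """True only if value is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def review_line(line):
    """Return the findings for one log line (empty list if clean or unrelated)."""
    m = LINE_RE.match(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    # Only the script name comes from the advisory; the path prefix is not assumed.
    if not url.path.endswith("confnetworking.html"):
        return []
    findings = []
    src = m.group("src")
    if not (is_plain_address(src) and
            any(ipaddress.ip_address(src) in net for net in ADMIN_NETS)):
        findings.append("source outside admin networks")
    # parse_qs percent-decodes, so encoded values are checked in decoded form.
    for value in parse_qs(url.query, keep_blank_values=True).get("nsserver", []):
        if not is_plain_address(value):
            findings.append("nsserver is not a literal IP address")
    return findings

# Constructed sample lines (documentation address ranges, placeholder value).
SAMPLE = [
    '10.0.5.20 - - [25/Nov/2013:10:00:00 +0000] "GET /confnetworking.html?nsserver=192.0.2.53 HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/Nov/2013:10:01:00 +0000] "GET /confnetworking.html?nsserver=192.0.2.53 HTTP/1.1" 200 512',
    '10.0.5.20 - - [25/Nov/2013:10:02:00 +0000] "GET /confnetworking.html?nsserver=NOT-AN-ADDRESS HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/Nov/2013:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(review_line(entry), entry)
```

Parameters sent in a POST body do not appear in access logs, so this review only covers values carried in the request line.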

References

<http://www.exploit-db.com/exploits/29734/>

Limitations

Exploit requires wget to be installed on the target system.

Platforms

Linux
