Vulnerability Note VU#858726
MailPost discloses sensitive system information when operating in debug mode
A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to gain sensitive information about the server configuration and environment.
According to the ProCheckUp report, MailPost contains a vulnerability that may permit a remote attacker to gain sensitive information about the server configuration and environment. When the application is in debug mode, an attacker can retrieve sensitive configuration and environment information about the target machine by sending a *debug* query string to the script. Note that debug mode is enabled in the default configuration.
This information could be used to determine sensitive information about the server's environment.
The CERT/CC is currently unaware of a practical solution to this problem.
This vulnerability may be mitigated by disabling the debug mode.
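Until debug mode is disabled, web server access logs can be reviewed for requests that carried the debug query string to the MailPost script. The following is an added example, not part of the original note or of MailPost: the script path is a placeholder, the log lines are constructed, and the check accepts the key written with or without the surrounding asterisks.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: placeholder path; replace with where MailPost is installed.
SCRIPT_PATHS = {"/cgi-bin/mailpost-placeholder"}

# Request portion of a common/combined-format access log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_debug_query(query):
    """True if any query key is 'debug', with or without surrounding asterisks."""
    # keep_blank_values=True so a bare "?debug" (no "=value") is not dropped;
    # parse_qsl also percent-decodes, so "%64ebug" is seen as "debug".
    for key, _ in parse_qsl(query, keep_blank_values=True):
        if key.strip("*").lower() == "debug":
            return True
    return False

def find_debug_requests(lines):
    """Return (client_ip, status, request_target) for each debug request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Case-insensitive path compare (assumption: server ignores path case).
        if unquote(url.path).lower() not in SCRIPT_PATHS:
            continue
        if is_debug_query(url.query):
            hits.append((m["ip"], int(m["status"]), m["target"]))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = '''\
192.0.2.10 - - [03/Nov/2004:10:00:01 +0000] "GET /cgi-bin/mailpost-placeholder?*debug* HTTP/1.0" 200 5120
192.0.2.10 - - [03/Nov/2004:10:00:05 +0000] "GET /cgi-bin/mailpost-placeholder?%44EBUG=1 HTTP/1.0" 200 5120
198.51.100.7 - - [03/Nov/2004:10:01:00 +0000] "GET /cgi-bin/mailpost-placeholder?page=debugging HTTP/1.0" 200 812
198.51.100.7 - - [03/Nov/2004:10:02:00 +0000] "GET /index.html?debug HTTP/1.0" 404 210
203.0.113.4 - - [03/Nov/2004:10:03:00 +0000] "POST /CGI-BIN/MailPost-Placeholder?x=1&debug HTTP/1.0" 403 0
'''.splitlines()

if __name__ == "__main__":
    for ip, status, target in find_debug_requests(SAMPLE_LOG):
        print(ip, status, target)
```

A hit with status 200 means the server answered the request, so the response for that entry should be treated as disclosed configuration data.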
Systems Affected

|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|MailPost|Affected|13 Aug 2004|03 Nov 2004|
Thanks to ProCheckUp for reporting this vulnerability.
This document was written by Jason A Rafail and is based on information provided by ProCheckUp.
- CVE IDs: Unknown
- Date Public: 03 Nov 2004
- Date First Published: 03 Nov 2004
- Date Last Updated: 03 Nov 2004
- Severity Metric: 3.00
- Document Revision: 2