A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to verify the existence of files anywhere on the local system.
According to the ProCheckUp report, MailPost contains a vulnerability that may permit a remote attacker to verify the existence of files anywhere on the server's filesystem. By sending a malformed HTTP GET query string to the script, an attacker can determine whether or not a file is present on the target machine.
This information could be used to determine sensitive information about the server's environment.
The CERT/CC is currently unaware of a practical solution to this problem.
It may be possible to mitigate this vulnerability by modifying the information returned in error messages.
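The following added example (not MailPost code and not part of the original note) illustrates the mitigation idea in general terms: a handler whose error text varies with file existence acts as an oracle, while one that returns a single generic error and logs details server-side does not. The handler names, the `.tpl` extension and the directory layout are assumptions made for illustration.

```python
import logging
import os
import tempfile

# Hypothetical handlers for illustration; this is not MailPost code.
GENERIC_ERROR = (400, "Request could not be processed.")


def leaky_handler(base_dir, name):
    """Error text depends on whether the path exists: an existence oracle."""
    path = os.path.join(base_dir, name)
    if not os.path.exists(path):
        return 404, f"File {path} not found"
    if not path.endswith(".tpl"):
        return 400, f"File {path} is not a valid template"
    with open(path, encoding="utf-8") as fh:
        return 200, fh.read()


def uniform_handler(base_dir, name):
    """Same response for every failure; details go to the server log only."""
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, name))
    try:
        if os.path.commonpath([base, path]) != base:
            raise ValueError("path escapes template directory")
        if not path.endswith(".tpl"):
            raise ValueError("not a template")
        with open(path, encoding="utf-8") as fh:
            return 200, fh.read()
    except (OSError, ValueError) as exc:
        logging.warning("rejected request for %r: %s", name, exc)
        return GENERIC_ERROR


def demo():
    """Build a constructed directory tree and probe both handlers."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "templates"))
    for rel, body in (("templates/form.tpl", "hello"), ("secret.txt", "x")):
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)
    tpl_dir = os.path.join(root, "templates")
    probes = ["../secret.txt", "../missing.txt"]  # exists / does not exist
    return {
        "leaky": [leaky_handler(tpl_dir, p) for p in probes],
        "uniform": [uniform_handler(tpl_dir, p) for p in probes],
        "ok": uniform_handler(tpl_dir, "form.tpl"),
    }
```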
Thanks to ProCheckUp for reporting this vulnerability.
Date First Published: 2004-11-03
Date Last Updated: 2004-11-03 15:51 UTC