Info

Disclosure

Nov 03, 2004

Discovery

Unknown

Dates

Exploit

Nov 03, 2004

Solution

Unknown

Description

MailPost contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a malformed HTTP GET request, which will cause MailPost to respond with error information that will confirm or deny the existence of a file, resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

TIPS, inc.	MailPost	5.1.1sv
		5.0.x

References

Security Tracker: 1012070
Related OSVDB ID: 11411 11412 11413
Bugtraq ID: 11599
Secunia Advisory ID: 13093
ISS X-Force ID: 17954
CVE ID: 2004-1102 (see also: NVD)
CERT VU: 306086
Vendor URL: http://www.mcenter.com/mailpost/
Other Advisory URL: http://www.procheckup.com/security_info/vuln_pr0408.html
Keyword: ProCheckUp Security Bulletin PR04-08

Credit

Gemma Hughes - gemma.hughesprocheckup.com - ProCheckUp

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

TIPS, inc.

MailPost

References

Credit