Info

Disclosure

Feb 12, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Macallan Mail Solution contains a flaw that may allow a malicious user to bypass certain security mechanisms. The issue is triggered when sending a HTTP GET request with two slashes ("//") before the requested resource. It is possible that the flaw may allow bypass the authentication in the web interface resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management
Impact: Loss of Integrity, Loss of Availability

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Filter malicious characters and character sequences in a proxy or firewall with URL filtering capabilities.

Products

Macallan

Mail Solution

2.9

References

Security Tracker: 1009030
Secunia Advisory ID: 10861
CVE ID: 2004-2071 (see also: NVD)
Bugtraq ID: 9646
Vendor URL: http://perso.club-internet.fr/macallan/MMS/index.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218