CVE-2004-1720
Last modified
CVE-2004-1720 is a vulnerability of currently unknown severity. The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.. EPSS estimates a 7.89% chance of exploitation in the next 30 days.
Description
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Merak | Mail Server | 7.4.5 |
References
- http://packetstormsecurity.nl/0408-exploits/merak527.txtExploit, Patch, Vendor Advisory
- http://secunia.com/advisories/12269Exploit, Patch, Vendor Advisory
- http://www.osvdb.org/9043Exploit, Patch, Vendor Advisory
- http://www.securityfocus.com/bid/10966Exploit, Patch, Vendor Advisory
- http://packetstormsecurity.nl/0408-exploits/merak527.txtExploit, Patch, Vendor Advisory
- http://secunia.com/advisories/12269Exploit, Patch, Vendor Advisory
- http://www.osvdb.org/9043Exploit, Patch, Vendor Advisory
- http://www.securityfocus.com/bid/10966Exploit, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2004-1720?
How severe is CVE-2004-1720?
How do I fix CVE-2004-1720?
Are you affected by CVE-2004-1720?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST