CVE-2004-1101 in Mailpostinfo

Summary

mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

11/30/2004

Disclosure

01/10/2005

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-404 (Confirmed)

Exploit

Download

CVSS

5.4

EPSS

0.02696

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-1101
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1101
CVE Details	https://www.cvedetails.com/cve/CVE-2004-1101/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!