漏洞信息详情
Magic Winmail服务器LDapLib.PHP远程安装路径泄露漏洞
- CNNVD编号:CNNVD-200412-889
- 危害等级: 低危
- CVE编号: CVE-2004-2572
- 漏洞类型: 其他
- 发布时间: 2004-12-31
- 威胁类型: 远程
- 更新时间: 2006-01-24
- 厂 商: amax_information_technologies
- 漏洞来源: .');">Disclosure of this...
漏洞简介
AMAX Magic Winmail服务器3.6版本存在漏洞。远程攻击者可以通过输入(1)如\"()\"的无效字符或(2)netaddressbook.php web form表格的Lookup字段的超多字符获得敏感信息,当ldap_search函数失败时在ldaplib.php出错消息中泄露路径。该漏洞归因于对$keyword变量的不正确处理。
漏洞公告
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
参考网址
来源: XF 名称: magic-winmail-path-disclosure(15361) 链接:http://xforce.iss.net/xforce/xfdb/15361 来源: BID 名称: 9786 链接:http://www.securityfocus.com/bid/9786 来源: OSVDB 名称: 4118 链接:http://www.osvdb.org/4118 来源: www.magicwinmail.net 链接:http://www.magicwinmail.net/download/english-help.chm 来源: SECUNIA 名称: 11015 链接:http://secunia.com/advisories/11015 来源: members.lycos.co.uk 链接:http://members.lycos.co.uk/r34ct/main/ldaplib/ldaplib.php%20reveal%20local%20path%20of%20Winmail%203.6%20webmail%20directory.txt
受影响实体
- Amax_information_technologies Magic_winmail_server:3.6
补丁
暂无
评论