Vulnerability Detail

Web-based mail interfaces

Date Discovered:
26 May 1999

Date Published:
8 Mar 2000

Last Updated:
28 Nov 2005

Threat Assessment

Overall Risk: Low

Popularity : Low

Impact: Medium

Simplicity: Low

Characteristics

Vulnerability ID: 1873
Discovered By: Unknown

Exploitable Locally: No
Exploitable Remotely: Yes

Impact: Attackers can read other users' mail resulting in the attacker gaining sensitive personal information.

Root Cause: Software Vulnerability

Description

Recommendations

Affected Technologies

References

Description

Vulnerabilities in several Web-based email interfaces for Windows NT allow an attacker to read other users' mail. The vulnerabilities occur due to incorrect implementation of http GET requests that allow attackers to get user mail files.

Recommendations

Contact the vendors for upgrades and patches.

In the mean time, a workaround solution is to disable Web-based email access.Contact the vendors for upgrades and patches.

In the mean time, a workaround solution is to disable Web-based email access.

Affected Technologies

Computalynx Limited: CMail 2.3
Gordano: NTMail 4.20
Milde Software Solutions : FTGate 2.1

References

Mitre CVE: CVE-2002-2270

CA Global Security Advisor

Current threat condition: Low

Documents and Tools

Find Threats

Viruses Spyware
Vulnerabilities All

Page Tools