MERCUR Mailserver Local Traversal Arbitrary File Access

Medium - Nessus Plugin ID 10382

Synopsis

The remote IMAP server has a directory traversal vulnerability.

Description

According to its banner, the version of MERCUR Messaging running on the remote host has a directory traversal vulnerability. An authenticated, remote attacker could exploit this to read or write arbitrary files on the system.

Solution

Upgrade to the latest version of this software.

See Also

http://www.nessus.org/u?b2817eb6

Plugin Details

Severity: Medium

ID: 10382

File Name: mercure_imap_read_any_file.nasl

Version: 1.20

Type: remote

Family: Misc.

Published: 4/25/2000

Updated: 7/16/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: imap/false_imap

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 4/13/2000

Reference Information

CVE: CVE-2000-0318

BID: 1144