Sambar Server /session/sendmail Arbitrary Mail Relay

Medium severity, Nessus Plugin ID 10415

Synopsis

The remote host has an application that allows unauthorized mail relaying.

Description

The Sambar web server is running. It provides a web interface for sending email. A single POST request to /session/sendmail is enough to send mail to any recipient. Because Sambar does not check the HTTP Referer header, the request can be submitted from a page hosted elsewhere (for example through a visitor's browser), so direct access to the server is not required.
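Since the relay can be triggered by a cross-site form post, a defender can hunt for it in the web server's access log. The following Python script is added here as an example and is not part of the Nessus plugin; it parses constructed combined-format log lines and flags POSTs to /session/sendmail whose Referer is missing or names a host other than the server's own (the set of own hostnames is an assumed input). The Referer is client-supplied and can be omitted, so a hit is a triage signal rather than proof of abuse.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines (combined log format); not from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.htm HTTP/1.0" 200 512 "-" "Mozilla/4.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /session/sendmail HTTP/1.0" 200 88 "http://www.example.com/session/sendmailform" "Mozilla/4.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "POST /session/sendmail HTTP/1.0" 200 88 "http://evil.example.net/relay.html" "Mozilla/4.0"
198.51.100.9 - - [10/Oct/2023:13:56:10 +0000] "POST /session/sendmail HTTP/1.0" 200 88 "-" "curl/7.0"
"""

# One combined-log-format line: client IP, timestamp, request line, status, size, Referer, User-Agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def flag_sendmail_requests(log_text, own_hosts):
    """Return (ip, path, referer, reason) for each POST to /session/sendmail
    whose Referer is absent or points at a host not in own_hosts."""
    own_hosts = {h.lower() for h in own_hosts}
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/session/sendmail"):
            continue
        ref = m["referer"]
        if ref in ("-", ""):
            # Direct submission (script or tool) with no Referer at all.
            reason = "no Referer"
        else:
            host = (urlsplit(ref).hostname or "").lower()
            if host in own_hosts:
                continue  # submitted from the server's own form page; expected
            reason = f"off-site Referer host {host}"
        findings.append((m["ip"], m["path"], ref, reason))
    return findings

if __name__ == "__main__":
    for hit in flag_sendmail_requests(SAMPLE_LOG, {"www.example.com"}):
        print(hit)
```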

Solution

Disable this module if it is not required.

Plugin Details

Severity: Medium

ID: 10415

File Name: sambar_sendmail.nasl

Version: 1.28

Type: remote

Family: CGI abuses

Published: 5/25/2000

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: www/sambar