OpenWebMail < 1.90 Multiple Vulnerabilities

critical Nessus Plugin ID 11416

Synopsis

The remote host has an application that is affected by multiple vulnerabilities.

Description

According to its banner, the remote host is running a version of OpenWebMail older than 1.90. Such versions are reportedly affected by multiple vulnerabilities:

- It may be possible to execute arbitrary commands with superuser privileges.

- An information disclosure vulnerability could disclose user names.

Solution

Upgrade to OpenWebMail 1.90 or newer.

See Also

https://www.securityfocus.com/archive/1/300834

https://www.securityfocus.com/archive/1/303997

http://openwebmail.org/openwebmail/download/cert/advisories/SA-02:01.txt

Plugin Details

Severity: Critical

ID: 11416

File Name: openwebmail_cmd_exec.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 3/19/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 11/19/2002

Reference Information

CVE: CVE-2002-1385, CVE-2002-2410

BID: 6232, 6425

CWE: 200