Kerio MailServer < 6.0.1 Embedded HTTP Server Unspecified Issue

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote mail server has an unspecified vulnerability.

Description :

The remote host is running a version of Kerio MailServer prior to
6.0.1. Kerio Mailserver is an SMTP server that ships with an
embedded HTTP server.

It has been reported that there are multiple remote overflows in
versions of Kerio prior to 6.0.1, although the exact nature of these
overflows is not yet known.

Note that Nessus determined this vulnerability exists based solely on
the version in the received banner. If the host is running obfuscated
banners, this may be a false positive.

See also :

http://securitytracker.com/alerts/2004/Aug/1010949.html

Solution :

Upgrade to Kerio MailServer 6.0.1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 14279 (kerio_webmail_601.nasl)

Bugtraq ID: 10936

CVE ID:

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial