CommuniGate Pro POP3 < 5.1c2 Buffer Overflow

high Nessus Network Monitor Plugin ID 5104

Synopsis

The remote host is vulnerable to an HTML injection attack.

Description

The version of CommuniGate Pro running on the remote host is prone to an HTML injection flaw. The flaw stems from a failure in the CommuniGate software when processing a specially formatted URI. To exploit it, an attacker would need to entice a user into opening an email; once the email is opened, the attacker would be able to execute arbitrary script code.

Solution

Upgrade to CommuniGate Pro 5.2.15 or newer.

See Also

http://www.communigate.com/cgatepro/History52.html

Plugin Details

Severity: High

ID: 5104

Family: Web Servers

Published: 7/29/2007

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 7/23/2007

Vulnerability Publication Date: 7/23/2007

Reference Information

BID: 35783