MailEnable IMAP Server SEARCH Command Remote DoS

This script is Copyright (C) 2004-2012 George A. Theall

Synopsis :

The remote mail server is affected by a remote denial of service

Description :

The target is running at least one instance of MailEnable's IMAP
service. A flaw exists in MailEnable Professional Edition versions
1.5a-d that results in this service crashing if it receives a SEARCH
command. An authenticated user could send this command either on
purpose as a denial of service attack or unwittingly since some IMAP
clients, such as IMP and Vmail, use it as part of the normal login

See also :

Solution :

Upgrade to MailEnable Professional 1.5e or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 15487 (mailenable_imap_search_dos.nasl)

Bugtraq ID: 11418

CVE ID: CVE-2004-2194

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now