Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote mail server is affected by an information disclosure
vulnerability.

Description :

The remote host appears to be running Ipswitch IMail Server 11.x or
12.x older than version 12.3 and is, therefore, affected by an
information disclosure vulnerability due to the included OpenSSL
version.

An error exists related to the SSL/TLS/DTLS protocols, CBC mode
encryption and response time. An attacker could obtain plaintext
contents of encrypted traffic via timing attacks.

See also :

http://www.nessus.org/u?35da0f2d
http://www.imailserver.com/support/patches-upgrades/imail-v12-3/
https://www.openssl.org/news/secadv/20130205.txt

Solution :

Upgrade to Ipswitch IMail Server version 12.3 or later.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 2.5
(CVSS2#E:F/RL:ND/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 76489 ()

Bugtraq ID: 57778

CVE ID: CVE-2013-0169

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now