This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
The remote mail server is potentially affected by multiple
The remote host appears to be running Ipswitch IMail Server 11.x or
12.x older than version 18.104.22.168 and is, therefore, potentially
affected by the following vulnerabilities :
- An error exists related to the implementation of the
Elliptic Curve Digital Signature Algorithm (ECDSA) that
could allow nonce disclosure via the 'FLUSH+RELOAD'
cache side-channel attack. (CVE-2014-0076)
- An out-of-bounds read error, known as the 'Heartbleed
Bug', exists related to handling TLS heartbeat
extensions that could allow an attacker to obtain
sensitive information such as primary key material,
secondary key material and other protected content.
- Multiple input validation errors exist related to the
'WebClient' component that could allow cross-site
scripting attacks. (CVE-2014-3878)
See also :
Upgrade to Ipswitch IMail Server version 22.214.171.124 or later.
Risk factor :
High / CVSS Base Score : 9.4
CVSS Temporal Score : 8.5
Public Exploit Available : true