Kerio MailServer < 6.0.1 Embedded HTTP Server Unspecified Issue

Critical Nessus Plugin ID 14279


The remote mail server has an unspecified vulnerability.


The remote host is running a version of Kerio MailServer prior to 6.0.1. Kerio Mailserver is an SMTP server that ships with an embedded HTTP server.

It has been reported that there are multiple remote overflows in versions of Kerio prior to 6.0.1, although the exact nature of these overflows is not yet known.

Note that Nessus determined this vulnerability exists based solely on the version in the received banner. If the host is running obfuscated banners, this may be a false positive.


Upgrade to Kerio MailServer 6.0.1 or later.

See Also

Plugin Details

Severity: Critical

ID: 14279

File Name: kerio_webmail_601.nasl

Version: $Revision: 1.14 $

Type: remote

Family: Web Servers

Published: 2004/08/16

Modified: 2014/05/02

Dependencies: 10107, 10263

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:kerio:kerio_mailserver

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2004/08/12

Vulnerability Publication Date: 2004/08/12

Reference Information

BID: 10936

OSVDB: 8653