MailEnable IMAP Server SEARCH Command Remote DoS

Medium Nessus Plugin ID 15487


The remote mail server is affected by a remote denial of service vulnerability.


The target is running at least one instance of MailEnable's IMAP service. A flaw exists in MailEnable Professional Edition versions 1.5a-d that results in this service crashing if it receives a SEARCH command. An authenticated user could send this command either on purpose as a denial of service attack or unwittingly since some IMAP clients, such as IMP and Vmail, use it as part of the normal login process.


Upgrade to MailEnable Professional 1.5e or later.

See Also

Plugin Details

Severity: Medium

ID: 15487

File Name: mailenable_imap_search_dos.nasl

Version: $Revision: 1.17 $

Type: remote

Agent: windows

Family: Windows

Published: 2004/10/17

Modified: 2012/04/26

Dependencies: 12288, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Required KB Items: imap/login, imap/password

Excluded KB Items: imap/false_imap

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2004/10/14

Reference Information

CVE: CVE-2004-2194

BID: 11418

OSVDB: 10728