Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure

Low Nessus Plugin ID 76489

Synopsis

The remote mail server is affected by an information disclosure vulnerability.

Description

The remote host appears to be running Ipswitch IMail Server 11.x or 12.x older than version 12.3 and is, therefore, affected by an information disclosure vulnerability due to the included OpenSSL version.

An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks.

Solution

Upgrade to Ipswitch IMail Server version 12.3 or later.

See Also

http://www.nessus.org/u?9b35fe05

https://www.imailserver.com/imail-software-upgrades

https://www.openssl.org/news/secadv/20130205.txt

Plugin Details

Severity: Low

ID: 76489

File Name: ipswitch_imail_12_3.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 2014/07/14

Updated: 2018/11/15

Dependencies: 10185, 10263, 11414

Risk Information

Risk Factor: Low

CVSS v2.0

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ipswitch:imail

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/04/23

Vulnerability Publication Date: 2013/02/04

Reference Information

CVE: CVE-2013-0169

BID: 57778

CERT: 737740