Detections
Analytics

Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure

low Nessus Plugin ID 76489

Language:

Synopsis

The remote mail server is affected by an information disclosure vulnerability.

Description

The remote host appears to be running Ipswitch IMail Server 11.x or 12.x older than version 12.3 and is, therefore, affected by an information disclosure vulnerability due to the included OpenSSL version.

An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks.

Solution

Upgrade to Ipswitch IMail Server version 12.3 or later.

See Also

http://www.nessus.org/u?9b35fe05

https://www.imailserver.com/imail-software-upgrades

https://www.openssl.org/news/secadv/20130205.txt

Plugin Details

Severity: Low

ID: 76489

File Name: ipswitch_imail_12_3.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 7/14/2014

Updated: 12/5/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:ipswitch:imail

Exploit Ease: No known exploits are available

Patch Publication Date: 4/23/2013

Vulnerability Publication Date: 2/4/2013

Reference Information

CVE: CVE-2013-0169

BID: 57778

CERT: 737740