CommuniGate Pro POP3 < 5.1c2 Buffer Overflow

High Nessus Network Monitor Plugin ID 5104

Synopsis

The remote host is vulnerable to an HTML Injection attack

Description

The version of CommuniGate Pro running on the remote host is prone to an HTML injection flaw. The root cause of this flaw is a failure within the CommuniGate software when processing a specially formatted URI. An attacker, exploiting this flaw, would need to be able to entice a user into opening an email. Upon opening the email, the attacker would be able to execute arbitrary script code.

Solution

Upgrade to CommuniGate Pro 5.2.15 or newer.

See Also

http://www.communigate.com/cgatepro/History52.html

Plugin Details

Severity: High

ID: 5104

File Name: 5104.prm

Family: Web Servers

Published: 2007/07/29

Modified: 2016/01/15

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2007/07/23

Vulnerability Publication Date: 2007/07/23

Reference Information

BID: 35783