Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Atrium MERCUR Mailserver Local Traversal Arbitrary File Access



The remote system is vulnerable to an information disclosure flaw.


The remote IMAP server is Mercur Mailserver 3.20. There is a flaw in this server (present up to version 3.20.02) which allows any authenticated user to read any file on the system. This includes other users mailboxes, or any system file. Warning : this flaw has not been actually checked but was deduced from the server banner.


There was no solution ready when this vulnerability was written; Please contact the vendor for updates that address this vulnerability.