IMail Monitor Denial of Service Vulnerability

vendor:

IMail Monitor

by:

SecurityFocus

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: IMail Monitor

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

IMail Monitor Denial of Service Vulnerability

IMail includes a service called IMail Monitor which is used for local and remote performance measuring and diagnostics. It includes a small webserver operating on port 8181 to support web-based monitoring. One of the cgi scripts, status.cgi, is used to determine which services are currently running and create a web page to report this information. Multiple simultaneous requests for status.cgi will cause the software to crash, with a Dr. Watson error of 'Invalid Memory Address'.

Mitigation:

Disable IMail Monitor service or restrict access to it.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/914/info

IMail includes a service called IMail Monitor which is used for local and remote performance measuring and diagnostics. It includes a small webserver operating on port 8181 to support web-based monitoring. One of the cgi scripts, status.cgi, is used to determine which services are currently running and create a web pafge to report this information. Multiple simultaneous requests for status.cgi will cause the software to crash, with a Dr. Watson error of "Invalid Memory Address".

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19711-1.exe

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19711-2.zip