header-logo
Suggest Exploit
vendor:
IMail
by:
SecurityFocus
7.5
CVSS
HIGH
IMail Web Calendaring Service Denial of Service
400
CWE
Product Name: IMail
Affected Version From: IMail 8.10
Affected Version To: IMail 8.11
Patch Exists: YES
Related CWE: CVE-2002-0674
CPE: a:ipswitch:imail_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Operating Systems
2002

IMail Web Calendaring Service Denial of Service

When a HTTP POST command is made to the web calendaring service on port 8484, and the "content-length:" header field is blank, the service becomes unstable and crashes. An attacker may exploit this vulnerability by submitting a POST request with a blank content-length header field.

Mitigation:

Upgrade to IMail 8.12 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5365/info

IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems.

When a HTTP POST command is made to the web calendaring service on port 8484, and the "content-length:" header field is blank, the service becomes unstable. It has been reported that such a transaction with the service results in a crash of the iwebcal service. 

An attacker may exploit this vulnerability by submitting the following request to a vulnerable server:

POST / HTTP/1.0

Navigation

Suggest Exploit

Services By CQR