vendor: Ability Mail Server
by:
CVSS: 5.5 (MEDIUM)
Cross-Site Scripting (XSS), Denial of Service (DoS)
CWE: 79
Product Name: Ability Mail Server
Affected Version From: 1.18
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:ability_server_project:ability_mail_server:1.18
Metasploit:
Other Scripts:
Platforms Tested:

Ability Mail Server Multiple Vulnerabilities

Ability Mail Server is prone to multiple vulnerabilities that may allow a remote attacker to carry out cross-site scripting and denial of service attacks. The server is prone to a cross-site scripting vulnerability that may allow an attacker to execute arbitrary HTML and script code in the browser of a vulnerable user. It is also prone to a denial of service vulnerability that occurs when an attacker establishes about 150-200 connections to various services such as SMTP, POP3, IMAP4, WebMail, etc.

Mitigation:

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10695/info

Ability Mail Server is reported prone to multiple vulnerabilities that may allow a remote attacker to carry out cross-site scripting and denial of service attacks.

The server is prone to a cross-site scripting vulnerability that may allow an attacker to execute arbitrary HTML and script code in the browser of a vulnerable user.

It is reported that the mail server is also prone to a denial of service vulnerability. This issue presents itself when an attacker establishes about 150-200 connections to various services such as SMTP, POP3, IMAP4, WebMail, etc.

These issues are reported to affect Ability Mail Server version 1.18; however, other versions may be affected as well.

http://www.example.com/_error?id=[id]&errormsg=<script>alert(document.cookie)</script>
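
For detection, requests to the /_error page whose errormsg parameter carries HTML markup can be flagged from web access logs. The following is an added example, not part of the original advisory or of Ability Mail Server. It assumes the WebMail service, or a proxy in front of it, writes Common Log Format lines; the sample log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Common Log Format assumed); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /_error?id=1&errormsg=Mailbox+not+found HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /_error?id=1&errormsg=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /_error?id=2&errormsg=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /inbox?folder=%3Cb%3E HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# An opening or closing tag: "<" followed by a letter, "/" or "!".
MARKUP_RE = re.compile(r'<\s*/?\s*[a-zA-Z!]')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_error_requests(lines):
    """Return (client_ip, decoded errormsg) for /_error hits carrying markup."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        url = urlsplit(target)
        if url.path != "/_error":
            continue  # only the error page named in the advisory
        # parse_qs already decodes once; fully_decode handles extra layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("errormsg", []):
            msg = fully_decode(raw)
            if MARKUP_RE.search(msg):
                hits.append((client, msg))
    return hits

if __name__ == "__main__":
    for client, msg in suspicious_error_requests(SAMPLE_LOG):
        print(f"{client}\t{msg!r}")
```

The plain-text error message and the request to a different path are not flagged; the single-encoded and double-encoded markup in errormsg both are.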