header-logo
Suggest Exploit
vendor:
IMail Server
by:
Marc Maiffret
7.5
CVSS
HIGH
IMail Web Server Long URL Denial of Service
400
CWE
Product Name: IMail Server
Affected Version From: IMail 8.10
Affected Version To: IMail 8.11
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: cpe:a:ipswitch:imail_server:8.11
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2001

IMail Web Server Long URL Denial of Service

IMail Web Server is vulnerable to a denial of service attack when a long URL is requested. The server will crash when a URL of 3000 characters or more is requested.

Mitigation:

Upgrade to IMail 8.12 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/505/info

The IMail web server can be crashed by requesting an abnormally long URL. 

Telnet to target machine, port 8383

Send: GET /glob1/
Where glob1 is 3000 characters.

Marc Maiffret <marc@eeye.com> has released the following exploit: 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19380.zip

Navigation

Suggest Exploit

Services By CQR