vendor:
Merak Mail Server
by:
SecurityFocus
7.5
CVSS
HIGH
Arbitrary File Deletion
20
CWE
Product Name: Merak Mail Server
Affected Version From: 8.2.4r
Affected Version To: 8.2.4r
Patch Exists: YES
Related CWE: N/A
CPE: a:merak:merak_mail_server
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
Merak Mail Server Arbitrary File Deletion Vulnerability
Merak Mail Server is affected by an arbitrary file deletion vulnerability. This issue arises due to an input validation error allowing an attacker to delete files in the context of the Web server running the application. An attacker can exploit this issue to cause a denial of service condition due to data corruption.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized.