Description
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
Exploits (1)
References (7)
Core 7
Core References
Exploit, Patch, Vendor Advisory x_refsource_misc
http://packetstormsecurity.nl/0408-exploits/merak527.txt
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10966
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109279057326044&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1010969
Exploit, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12269
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/9043
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17027
Scores
EPSS
0.0909
EPSS Percentile
92.7%
Details
Status
published
Products (1)
merak/mail_server
7.4.5
Published
Aug 17, 2004
Tracked Since
Feb 18, 2026