Access Control Weakness in MicroWorld Technologies MailScan Web Administration
CVE-2008-3728

Currently unrated

Key Information:

Vendor: Microworld Technologies
Status: Mailscan
Vendor: CVE Published:; 20 August 2008

🔔 Create Microworld Technologies Vulnerability Alert

What is CVE-2008-3728?

The web-based administration interface in MicroWorld Technologies MailScan 5.6.a (espatch 1) has a significant flaw where sensitive information is stored under the web root directory without adequate access control. This exposure enables remote attackers to retrieve application paths, IP addresses, and various error messages simply by making direct requests to files located in the LOG/ directory, thereby potentially compromising the security of the system and its user data.

References

http://securityreason.com/securityalert/4172

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/30700

vdb-entryx_refsource_BID

http://secunia.com/advisories/31534

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2008
Vulnerability Reserved
Aug 20, 2008