Vulnerability Details CVE-2004-2726
HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and application crash). NOTE: This is a different vulnerability than CVE-2005-1348.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0159.html
- http://secunia.com/advisories/11588
- http://www.oliverkarow.de/research/MailWebHTTPAuthCrash.txt
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0159.html
- http://secunia.com/advisories/11588
- http://www.oliverkarow.de/research/MailWebHTTPAuthCrash.txt
Products affected by CVE-2004-2726
-
cpe:2.3:a:mailenable:mailenable:1.18