MailEnable HTTPMail Service Content-Length Overflow Vulnerability

Information

Severity: Critical
Family: Denial of Service
CVSSv2 Base: 10.0
CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution Type: Vendor Patch
Created: 18 years ago
Modified: 5 years ago

Summary

The target is running at least one instance of MailEnable that has a flaw in the HTTPMail service (MEHTTPS.exe) in the Professional and Enterprise Editions.

Insight

The flaw can be exploited by issuing an HTTP GET with a Content-Length header exceeding 100 bytes, which causes a fixed-length buffer to overflow, crashing the HTTPMail service and possibly allowing arbitrary code execution.

Solution

Upgrade to MailEnable Professional / Enterprise 1.2 or later, or apply the HTTPMail hotfix from 9th August 2004.