CVSS Base Vector:
This host is running PineApp Mail-SeCure appliance and is prone to absolute
path traversal vulnerability.
Send the crafted HTTP GET request and check is it possible to read
the system file or not.
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features,
remove the product or replace the product by another one.
The flaw is due to the '/admin/viewmsg.php' script not properly sanitizing
user supplied input.
PineApp Mail-SeCure 5099SK version 3.70, Other versions may also be
Successful exploitation will allow remote attackers to perform directory
traversal attacks and read arbitrary files on the affected appliance.
Vendor will not fix
NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)
SecurityFocus Bugtraq ID: