PineApp Mail-SeCure 'livelog.html' Remote Command Injection Vulnerability

Published: 2013-08-13 10:13:20

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact:
Successful exploits will result in the execution of arbitrary commands with root privileges in the context of the affected appliance.

Detection Method:
Send a crafted HTTP GET request and check the response.

Technical Details:
The flaws lie in the input sanitization of the livelog.html component. They allow arbitrary commands to be injected into the Mail-SeCure server.

Recommendations:
Ask the vendor for an update. Upgrade to version 5.1.

Solution Type:
Vendor Patch

Summary:
PineApp Mail-SeCure 3.70 is prone to a remote command-injection vulnerability.

Detection Type:
Remote Vulnerability

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/61473

References:

http://www.securityfocus.com/bid/61473

Severity:
High

CVSS Score:
10.0
