|
|
>> MailSite Cross Site Scripting and Remote Denial of Service Vulnerabilities
|
Title : MailSite Cross Site Scripting and Remote Denial of Service Vulnerabilities
VUPEN ID : VUPEN/ADV-2006-0284
CVE ID : CVE-2006-0341 - CVE-2006-0342
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-01-20
|
Two vulnerabilities were identified in Rockliffe MailSite, which could be exploited by remote attackers to execute arbitrary scripting code or cause a denial of service.
The first issue is due to an input validation error in the HTTP Mail Management Agent (CGI-BIN/WCONSOLE.DLL) that does not properly handle specially crafted parameters, which could be exploited by remote attackers to crash a vulnerable application.
The second flaw is due to an input validation error in the HTTP Mail Management Agent (CGI-BIN/WCONSOLE.DLL) that does not properly handle specially crafted parameters, which could be exploited by remote attackers to cause malicious scripting code to be executed by the user's browser in the security context of an affected Web site.
Affected Products
Rockliffe MailSite version 6.1.22 and prior
Rockliffe MailSite version 7.0.3.1 and prior
Solution
Hotfix for versions 6.x :
ftp://ftp.rockliffe.com/MailSite/6.1.22/Hotfixes/
Hotfix for versions 7.x :
ftp://ftp.rockliffe.com/MailSite/Latest/Hotfixes/
References
http://www.vupen.com/english/advisories/2006/0284
Credits
Vulnerabilities reported by Rahul Mohandas
ChangeLog
2006-01-20 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
