J-Security Center

Title: TIPS MailPost Remote File Enumeration Vulnerability

Severity: MODERATE

Description:

TIPS MailPost is an HTML form content email application designed to facilitate the emailing of HTML form data to a third party. This application is commercially available for the Microsoft Windows platform.

TIPS MailPost is affected by a remote file enumeration vulnerability. This issue is due to a failure to properly sanitize user requests.

The problem presents itself when an attacker attempts to access a file outside of the Web root directory using encoded directory traversal strings. Apparently, when the affected script processes such requests, it will respond with a different message depending on whether the requested file exists.

If the requested file exists, the affected script will report that a MailPost error occurred. If the requested file does not exist, the affected script will respond with a 'file does not exists on this server' message.

An attacker may leverage this issue to gain knowledge of the existence of files outside the Web root directory. Information disclosed in this way may facilitate further attacks.

Although only MailPost version 5.1.1sv is reportedly vulnerable, it is likely that other versions are vulnerable as well.
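
The two distinct responses described above act as an existence oracle. The following Python sketch is an added example, not part of the original advisory and not MailPost code: it decodes the request fully, confines the resolved path to the Web root, and returns one identical response for "outside the root" and "not found". All function names, messages and file names are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

# Assumed wording; a single answer is used for every failure case.
GENERIC_ERROR = (404, "The requested file is not available.")

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so single and double encoding are both seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    raise ValueError("too many encoding layers")

def resolve_under_root(web_root, requested):
    """Return the canonical path if it stays inside web_root, else None."""
    try:
        name = fully_decode(requested).replace("\\", "/")
        if "\x00" in name:
            return None
        root = os.path.realpath(web_root)
        candidate = os.path.realpath(os.path.join(root, name.lstrip("/")))
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # over-encoded input, or a different drive on Windows
        return None
    return candidate if inside else None

def handle_request(web_root, requested):
    """Same status and body for 'outside root' and 'missing': no oracle."""
    path = resolve_under_root(web_root, requested)
    if path is None or not os.path.isfile(path):
        return GENERIC_ERROR
    return (200, "file accepted")

def demo():
    # Constructed layout: a web root with one file, plus a file outside it.
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "wwwroot")
        os.mkdir(root)
        open(os.path.join(root, "form.txt"), "w").close()
        open(os.path.join(base, "secret.ini"), "w").close()
        return {
            "inside": handle_request(root, "form.txt"),
            "outside_exists": handle_request(root, "%2e%2e%2fsecret.ini"),
            "outside_missing": handle_request(root, "%2e%2e%2fnothing.ini"),
            "double_encoded": handle_request(root, "%252e%252e%255csecret.ini"),
        }
```

The containment check runs on the canonical path that is later opened, so the value that was validated is the value that is used.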

Affected Products:

  • TIPS MailPost 5.1.1sv
