J-Security Center

Title: IceWarp Merak Mail Server Unspecified Auto Responder File Path Vulnerability

Severity: MODERATE

Description:

IceWarp Merak Mail Server is a commercial mail server package designed for Microsoft Windows operating systems. It supports a wide range of features, including built-in Web mail access.

The vendor has reported that IceWarp Merak Mail Server 2.10.360 is affected by an unspecified vulnerability involving the file path option in 'Auto Responder' of the 'Web Admin' interface. The file path option likely represents a path to a local file. It is possible that an attacker could manipulate the file path option to perform malicious actions. The exact impact is not known, but the issue could potentially disclose sensitive information, depending on how the file path option is used.

The vendor has reportedly addressed this issue in IceWarp Merak Mail 3.00.100 by removing the file path option. It is likely that any earlier versions that include the file path option are affected by this vulnerability.

Affected Products:

  • IceWarp Merak Mail Server 2.1.0 0.280
  • IceWarp Merak Mail Server 2.1.0 0.290
  • IceWarp Merak Mail Server 2.1.0 0.360
