Title: GFI Mail Essentials BCC Information Disclosure Vulnerability
Severity: MODERATE
Description:
Mail Essentials is a commercial e-mail anti-virus and content scanner product, developed and maintained by GFI.
Most e-mail clients support the functionality to send BCC'ed (Blind Carbon Copied) messages. This allows bulk e-mail to be sent without the recipients of the e-mail being aware that the message is carbon copied, or who the other recipients are.
However, Mail Essentials does not properly handle BCC headers, disclosing the first name on the blind carbon copy list to all recipients of such a message.
As a result, the effectiveness of BCC cannot be trusted when doing mass-mailings.
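One way to check a test mailing for this kind of leak, as an added example that is not part of the original advisory or GFI's code: scan the headers of a delivered copy for addresses from the blind-copy list. The addresses, the sample message and the helper name `leaked_bcc` are constructed for illustration; the advisory does not say which header carries the leaked name, so every header is scanned.

```python
import re
from email import message_from_string

# Constructed sample: the copy delivered to alice@example.com from a test
# mailing whose blind-copy list was carol@example.com and dave@example.com.
DELIVERED_TO_ALICE = """\
Received: from gateway.example.com by mx.example.com; Mon, 1 Jan 2001 10:00:00 +0000
From: Sender <sender@example.com>
To: alice@example.com
Bcc: Carol <carol@example.com>
Subject: BCC leak test

test body
"""

ADDRESS = re.compile(r"[\w.+-]+@[\w.-]+")

def leaked_bcc(raw_message, recipient, bcc_list):
    """Return the blind-copy addresses visible in the headers of the copy
    delivered to `recipient`, sorted. (Hypothetical helper name.)"""
    msg = message_from_string(raw_message)
    # A blind-copy recipient may legitimately see their own address, so a
    # recipient's own entry is never counted as a leak.
    hidden = {a.lower() for a in bcc_list} - {recipient.lower()}
    seen = set()
    for _name, value in msg.items():
        # Scan every header, not only Bcc: the advisory does not say where
        # the name appears, and Received "for <addr>" clauses can leak too.
        for addr in ADDRESS.findall(str(value)):
            seen.add(addr.rstrip(".").lower())
    return sorted(hidden & seen)

if __name__ == "__main__":
    blind = ["carol@example.com", "dave@example.com"]
    for addr in leaked_bcc(DELIVERED_TO_ALICE, "alice@example.com", blind):
        print("BCC address exposed to alice@example.com:", addr)
```

Run it against the copy received by each To/Cc recipient of a test mailing; an empty result for every copy means no blind-copy address was exposed in the headers.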
Affected Products:
- GFI Mail Essentials 2000 0.0.0
- GFI Mail Essentials 2000 0.0.0SP1
- GFI Mail Essentials 5.0.0
References:
- GFI Software: Mail Essentials Product Page