602Pro LAN SUITE path disclosure

602pro-path-disclosure (15350)

Low Risk

Description:

602Pro LAN SUITE could allow a remote attacker to obtain sensitive information. A remote attacker could obtain the directory path of the Web server from the mail login form.

Platforms Affected:

• Software602, 602Pro LAN SUITE

Remedy:

Upgrade to the latest version of 602LAN SUITE (2004 or later), available from the Software602 Web site. See References.

Consequences:

Obtain Information

References:

• BugTraq Mailing List, Sat Feb 28 2004 - 07:12:19 CST, LAN SUITE Web Mail 602Pro Multiple Vulnerabilities at http://archives.neohapsis.com/archives/bugtraq/2004-02/0683.html.
• BugTraq Mailing List, Wed Mar 10 2004 - 13:05:50 CST, Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities at http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html.
• Software602 Web site, Software602::Download at http://www.software602.com/download/.
• BID-9781: Software602 602Pro LAN Suite Web Mail Installation Path Disclosure Vulnerability
• CVE-2004-0336: LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.

Reported:

Feb 28, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page