602Pro LAN SUITE path disclosure
| 602pro-path-disclosure (15350) |  Low Risk |
Description:
602Pro LAN SUITE could allow a remote attacker to obtain sensitive information. A remote attacker could obtain the directory path of the Web server from the mail login form.
Consequences:
Obtain Information
Remedy:
Upgrade to the latest version of 602LAN SUITE (2004 or later), available from the Software602 Web site. See References.
References:
- BugTraq Mailing List, Sat Feb 28 2004 - 07:12:19 CST: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities.
- BugTraq Mailing List, Wed Mar 10 2004 - 13:05:50 CST: Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities.
- Software602 Web site: Software602::Download.
- BID-9781: Software602 602Pro LAN Suite Web Mail Installation Path Disclosure Vulnerability
- CVE-2004-0336: LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.
- OSVDB ID: 4107: 602Pro LAN SUITE Web Mail Login Form Installation Path Disclosure
Platforms Affected:
- Software602 602Pro LAN SUITE
Reported:
Feb 28, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this