MailEnable IMAP Server SEARCH Command Remote DoS

Medium | Nessus Plugin ID 15487

Synopsis

The remote mail server is affected by a remote denial of service vulnerability.

Description

The target is running at least one instance of MailEnable's IMAP service. A flaw in MailEnable Professional Edition versions 1.5a-d causes this service to crash when it receives a SEARCH command. An authenticated user could send this command either deliberately, as a denial of service attack, or unwittingly, since some IMAP clients, such as IMP and Vmail, use it as part of the normal login process.

Solution

Upgrade to MailEnable Professional 1.5e or later.

See Also

http://www.mailenable.com/professionalhistory.asp

Plugin Details

Severity: Medium

ID: 15487

File Name: mailenable_imap_search_dos.nasl

Version: 1.19

Type: remote

Agent: windows

Family: Windows

Published: 10/17/2004

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Required KB Items: imap/login, imap/password

Excluded KB Items: imap/false_imap

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/14/2004

Reference Information

CVE: CVE-2004-2194

BID: 11418