Information Disclosure: Remote Viewing of Other Users' Attachments in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and Possibly Other Versions

Information Disclosure: Remote Viewing of Other Users' Attachments in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and Possibly Other Versions

CVE-2004-1672 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request.

Learn more about our Web App Pen Testing.