CVE-2008-3728

EUVD-2008-3714
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
microworld_technologiesmailscan
5.6.a:a
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://marc.info/?l=bugtraq&m=121881329424635&w=2
http://secunia.com/advisories/31534
http://securityreason.com/securityalert/4172
http://www.oliverkarow.de/research/mailscan.txt
http://www.securityfocus.com/bid/30700
https://exchange.xforce.ibmcloud.com/vulnerabilities/44518
http://marc.info/?l=bugtraq&m=121881329424635&w=2
http://secunia.com/advisories/31534
http://securityreason.com/securityalert/4172
http://www.oliverkarow.de/research/mailscan.txt
http://www.securityfocus.com/bid/30700
https://exchange.xforce.ibmcloud.com/vulnerabilities/44518