Required CVE Record Information
Description
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.
References 5 Total
- securityreason.com: 4172 third-party-advisory
- securityfocus.com: 30700 vdb-entry
- exchange.xforce.ibmcloud.com: mailscan-cookie-security-bypass(44515) vdb-entry
- marc.info: 20080815 Re: MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface mailing-list
- http://www.oliverkarow.de/research/mailscan.txt
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- securityreason.com: 4172 third-party-advisoryx_transferred
- securityfocus.com: 30700 vdb-entryx_transferred
- exchange.xforce.ibmcloud.com: mailscan-cookie-security-bypass(44515) vdb-entryx_transferred
- marc.info: 20080815 Re: MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface mailing-listx_transferred
- http://www.oliverkarow.de/research/mailscan.txt x_transferred