The target is running at least one instance of IlohaMail that allows anyone to retrieve its configuration files over the web. These files may contain sensitive information. For example, conf/conf.inc may hold a username / password used for SMTP authentication.
Upgrade to IlohaMail version 0.8.14-rc2 or later or reinstall following the 'Proper Installation' instructions in the INSTALL document.
CVSS Base Score: 5.0