Summary
The target is running at least one instance of MailEnable (http://www.mailenable.com/) that has a flaw in the HTTPMail service (MEHTTPS.exe) of the Professional and Enterprise Editions. The flaw can be exploited by issuing an HTTP request exceeding 4045 bytes (8500 if logging is disabled), which causes a heap buffer overflow, crashing the HTTPMail service and possibly allowing arbitrary code execution.
Solution
Upgrade to MailEnable Professional / Enterprise 1.19 or later.
Severity
Classification
- CVE: CVE-2004-2727
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- at32 Reverse Proxy Multiple HTTP Header Fields Denial Of Service Vulnerability
- Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow Vulnerability
- ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
- Adobe Acrobat PDF File Denial Of Service Vulnerability
- BadBlue invalid GET DoS