CVE-2004-1672
First published: Tue Oct 12 2004(Updated: )
attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IceWarp WebMail Server | =5.2.7 | |
| IceWarp WebMail Server | =5.2.8 | |
| IceWarp WebMail Server | =3.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1672?
CVE-2004-1672 is considered to have a high severity due to its potential for unauthorized access to users' attachments.
How do I fix CVE-2004-1672?
To fix CVE-2004-1672, it is recommended to upgrade to the latest version of IceWarp Web Mail that addresses this vulnerability.
What systems are affected by CVE-2004-1672?
CVE-2004-1672 affects Merak Mail Server 7.4.5 with Icewarp Web Mail versions 5.2.7 and 5.2.8, as well as older versions such as 3.3.2.
What kind of attack does CVE-2004-1672 enable?
CVE-2004-1672 enables remote attackers to view any user's attachments by manipulating the username and message ID in HTTP requests.
Is user data at risk due to CVE-2004-1672?
Yes, CVE-2004-1672 poses a risk to user data as it allows unauthorized users to access sensitive attachments.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/icewarp
- canonical/icewarp webmail server
- version/icewarp webmail server/5.2.7
- version/icewarp webmail server/5.2.8
- version/icewarp webmail server/3.3.2