Floosietek FTGate Mail Server Path Disclosure Vulnerability
BID:10059
Info
Floosietek FTGate Mail Server Path Disclosure Vulnerability
| Bugtraq ID: | 10059 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 06 2004 12:00AM |
| Updated: | Apr 06 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to [email protected]>. |
| Vulnerable: |
Floosietek FTGatePro 1.2 (1331) Floosietek FTGatePro 1.2 Floosietek FTGateOffice 1.2 |
| Not Vulnerable: | |
Discussion
Floosietek FTGate Mail Server Path Disclosure Vulnerability
It has been reported that FTGate it prone to a server path disclosure vulnerability. This issue is due to an ill conceived error message that includes the server path.
These issues may be leveraged to gain sensitive information about the affected system potentially aiding an attacker in mounting further attacks.
It has been reported that FTGate it prone to a server path disclosure vulnerability. This issue is due to an ill conceived error message that includes the server path.
These issues may be leveraged to gain sensitive information about the affected system potentially aiding an attacker in mounting further attacks.
Exploit / POC
Floosietek FTGate Mail Server Path Disclosure Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/inbox/message.fts
http://www.example.com/inbox/message.fts?folder=Sent%20Items&id=test
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/inbox/message.fts
http://www.example.com/inbox/message.fts?folder=Sent%20Items&id=test
Solution / Fix
Floosietek FTGate Mail Server Path Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Floosietek FTGate Mail Server Path Disclosure Vulnerability
References:
References:
- FTGate Homepage (Floosietek)
- FTGateOffice/FTGatePro V1.2 Multiple vulnerabilities (Dr_insane
) - FTGatePro Product Page (Floosietek)