CVE-2000-0239
Published 2000-03-15
CVE-2000-0239: Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request.
Priority: P4 · 20 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 3.56% (87.9th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atrium_software | mercur_imap4_server | — | — |
| atrium_software | mercur_mailserver | — | — |
| atrium_software | mercur_pop3_server | — | — |
No detection rules found.
Exploit-DB
Microsoft ISA Server 2000 Web Proxy - Denial of Service
exploitdb·2001-04-16
CVE-2001-0239 Microsoft ISA Server 2000 Web Proxy - Denial of Service
---
// source: https://www.securityfocus.com/bid/2600/info
It is possible for a user to cause the Web Proxy service on a host running MS ISA Server to stop responding.
If an HTTP request with an unusually long path is submitted, the Web Proxy service could stop responding.
This vulnerability is only exploitable from the internal network unless the Web Publishing service has been enabled, in which case it can be exploited from either internal or external networks. It is disabled by default.
An HTML email containing the malicious URL in an image tag or a javascript URL could invoke a user's browser. An attempt to fulfill this request by the Web Proxy service could instigate the denial of service condition on an internal users syst
Exploit-DB
Atrium Software Mercur WebView WebMail-Client 1.0 - Buffer Overflow
exploitdb·2000-03-16
CVE-2000-0239 Atrium Software Mercur WebView WebMail-Client 1.0 - Buffer Overflow
---
source: https://www.securityfocus.com/bid/1056/info
WebView WebMail-Client is an add-on for the Mercur SMTP/POP3/IMAP4 Mail Server which allows a user to access email through a web browser.
Insufficient boundary checking exists in the code which handles GET requests, specifically on port 1080. Issuing a GET request containing a string of over 1000 characters on port 1080 will cause the WebView WebMail-Client application to crash.
e.g.
http://target/&mail_user=
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19810-1.exe
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19810-2.zip
No writeups or analysis indexed.
Published: 2000-03-15