Phase:MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path.
ReferencesBUGTRAQ:Friday, January 28, 2005 Multiple vulnerabilities in Icewarp Web Mail 5.3.0: New holes | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110693950205007&w=2 | XF:merak-icewarp-user-path-disclosure(19152) | URL:http://xforce.iss.net/xforce/xfdb/19152
Votes:Assigned (Thursday, February 10, 2005)
Comments:None (candidate not yet proposed)
F7: