IlohaMail detection 1.1
 
Plugin ID195
Plugin nameIlohaMail detection
Plugin filenameIlohaMail detection.plugin
Plugin filesize2835 bytes
Plugin familyCGI
Plugin created nameMarc Ruef
Plugin created emailmarc dot ruef at computec dot ch
Plugin created webhttp://www.computec.ch
Plugin created companycomputec.ch
Plugin created date2004/09/09
Plugin updated nameMarc Ruef
Plugin updated emailmarc dot ruef at computec dot ch
Plugin updated webhttp://www.computec.ch
Plugin updated companycomputec.ch
Plugin updated date2004/11/13
Plugin version1.1
Plugin changelogCorrected the plugin structure and added the accuracy values in 1.1
Plugin protocoltcp
Plugin port80
Plugin procedure detectionopen|send GET /index.php HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *IlohaMail*
Plugin detection accuracy95
Plugin commentCheck is inspired by the Nessus plugin. The sub-directories /webmail, /ilohamail, /IlohaMail and /mail should be checked additionally.
Bug published nameGeorge A. Theall
Bug affectedIlohaMail
Bug not affectedOther solutions
Bug vulnerability classConfiguration
Bug descriptionThe remote host is running the IlohaMail suite. This is a webmail application that is based on a stock build of PHP and that does not require either a database or a separate IMAP library.
Bug solutionYou should install or upgrade the software to the latest version to prevent the exploitation of known vulnerabilities. See http://www.ilohamail.org for more details. Also limit unwanted connections and communications with firewalling if possible.
Bug fixing timeApprox. 30 minutes
Bug exploit availabilityYes
Bug remoteYes
Bug localYes
Bug severityLow
Bug popularity2
Bug simplicity8
Bug impact3
Bug risk4
Bug Nessus riskLow
Bug check toolsNessus is able to do the same check with different directories.
Source Nessus ID14629
Source LiteratureHacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.