CVE-2004-1720
Merak Mail Server 7.4.5 - address.html Full Path Disclosure
Severity Score
5.3
*CVSS v3
Exploit Likelihood
9.1%
*EPSS
Affected Versions
1
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-07-17 First Exploit
- 2004-08-17 CVE Published
- 2005-02-26 CVE Reserved
- 2024-08-08 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (8)
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/24381 | 2004-07-17 | |
| http://packetstormsecurity.nl/0408-exploits/merak527.txt | 2024-08-08 | |
| http://secunia.com/advisories/12269 | 2024-08-08 | |
| http://www.osvdb.org/9043 | 2024-08-08 | |
| http://www.securityfocus.com/bid/10966 | 2024-08-08 |
1 - 5 of 5
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|