GeoCel WindMail Remote File Read Vulnerability

Solution:
This is a configuration error on the part of the administrator.

Set up the webserver to run under an account that only has read access to files that are meant to be publicly accessed.
OR
Configure the webserver so that windmail.exe is not in a browseable directory, and ensure that the CGI calling windmail.exe parses input securely.



 

Privacy Statement
Copyright 2010, SecurityFocus