VULHUB ™

Macallan Mail Solution is prone to a vulnerability that may permit remote attackers to gain unauthorized access to the Web interface. It is reported that by including extraneous URL-encoded slash characters (%2f), a remote user may access restricted pages in the Web interface and perform various actions. It was also reported that authentication may be bypassed by specifying a non-existent directory when requesting a resource within the Web interface. This issue is a variant of the vulnerability described in BID 9646.

Macallan Mail Solution is prone to a vulnerability that may permit remote attackers to gain unauthorized access to the Web interface. It is reported that by including extraneous URL-encoded slash characters (%2f), a remote user may access restricted pages in the Web interface and perform various actions. It was also reported that authentication may be bypassed by specifying a non-existent directory when requesting a resource within the Web interface. This issue is a variant of the vulnerability described in BID 9646.