MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to bwlist_inc.html, which reveals the path in an error message.
Software | From | Fixed in |
---|---|---|
icewarp / web_mail | 5.5.1 | 5.5.1.x |
merak / mail_server | 8.2.4r | 8.2.4r.x |