PineApp Mail-SeCure confnetworking.html nsserver command execution

Added: 11/25/2013
CVE: CVE-2013-6830
BID: 63817
OSVDB: 100029

Background

PineApp Mail-SeCure is an e-mail security appliance which provides perimeter security protection to stop threats prior to their penetration of the customer's network, as well as post-perimeter anti-spam content inspection.

Problem

A vulnerability in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands contained in the nsserver parameter in a request for the confnetworking.html script.

Resolution

Restrict access to ports 7080 and 7443.

References

http://www.exploit-db.com/exploits/29734/

Limitations

Exploit requires wget to be installed on the target system.

Platforms

Linux

Back to exploit index