Unrated severityNVD Advisory· Published Aug 17, 2004· Updated Apr 16, 2026

CVE-2004-1720

Description

The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.

Affected products

Merak/Mail Server
cpe:2.3:a:merak:mail_server:7.4.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.nl/0408-exploits/merak527.txtnvdExploitPatchVendor Advisory
secunia.com/advisories/12269nvdExploitPatchVendor Advisory
www.osvdb.org/9043nvdExploitPatchVendor Advisory
www.securityfocus.com/bid/10966nvdExploitPatchVendor Advisory
marc.infonvd
securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/17027nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000