Macallan Mail Solution Web Interface Authentication Bypass Vulnerability

Vulnerability ID: 1107713 Vulnerability type: Access validation error
Published: 2004-02-12 Updated: 2005-10-20
CVE ID: CVE-2004-2071
CNNVD-ID: CNNVD-200412-452
Platform: PHP CVSS score: 7.5
|Vulnerability Source
https://www.exploit-db.com/exploits/23687
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-452
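|Vulnerability Details
Macallan Mail Solution is a web-based mail solution. The Macallan Mail web administration interface does not correctly handle certain HTTP GET requests, and a remote attacker can exploit this to gain unauthorized access to the administration interface. Submitting a request such as http://www.example.com//admin.html bypasses the access restriction and reaches the administration interface directly, giving control over the application.
|Exploit (EXP)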
source: http://www.securityfocus.com/bid/9646/info

A vulnerability has been reported in Macallan Mail Solution that may permit remote attackers to bypass authentication for the web interface. This may be exploited by submitting a specially crafted HTTP GET request for the administration page of the web interface.

There are conflicting reports from the vendor that state that the attacker will not be able to perform any administrative actions after bypassing authentication.

This issue was reported in version 2.8.4.6 (Build 260). Other versions may also be affected.

http://www.example.com//admin.html
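
An added example (not from the original advisory or the vendor's code) of the class of flaw described above: an access check that compares the raw request target lets `//admin.html` through, while one that canonicalizes the path first does not. The `PROTECTED` set and the function names are assumptions, since the root cause inside Macallan Mail Solution is not documented on this page. The canonicalization also covers percent-encoded and dot-segment variants, which go beyond the double-slash case.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: the only admin-only path of a hypothetical web interface.
PROTECTED = {"/admin.html"}


def naive_requires_auth(raw_target: str) -> bool:
    """Weak form: compares the raw request target with the protected list."""
    return raw_target in PROTECTED


def canonical_path(raw_target: str) -> str:
    """Reduce a request target to the path a file handler would resolve."""
    # Split by hand: urllib.parse.urlsplit() reads "//admin.html" as a host.
    path = raw_target.split("?", 1)[0].split("#", 1)[0]
    path = unquote(path)                   # "%2F" -> "/", decoded once
    path = re.sub(r"/+", "/", "/" + path)  # collapse runs of slashes
    return posixpath.normpath(path)        # resolve "." and ".." segments


def requires_auth(raw_target: str) -> bool:
    """Hardened form: decide on the canonical path, not the raw string."""
    return canonical_path(raw_target) in PROTECTED


def authorize(raw_target: str, authenticated: bool) -> int:
    """HTTP status the hardened guard returns for a request."""
    if requires_auth(raw_target) and not authenticated:
        return 401
    return 200


if __name__ == "__main__":
    # Constructed request targets, all resolving to the same admin page.
    for target in ["/admin.html", "//admin.html", "/./admin.html",
                   "/%2Fadmin.html", "/index.html"]:
        print(f"{target:16} naive={naive_requires_auth(target)!s:5} "
              f"hardened={requires_auth(target)!s:5} "
              f"unauthenticated -> {authorize(target, False)}")
```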
|References

Source: XF
Name: macallan-gain-unauthorized-access(15194)
Link: http://xforce.iss.net/xforce/xfdb/15194
Source: BID
Name: 9646
Link: http://www.securityfocus.com/bid/9646
Source: OSVDB
Name: 3926
Link: http://www.osvdb.org/3926
Source: SECTRACK
Name: 1009030
Link: http://securitytracker.com/id?1009030
Source: SECUNIA
Name: 10861
Link: http://secunia.com/advisories/10861
Source: NSFOCUS
Name: 6045
Link: http://www.nsfocus.net/vulndb/6045
