Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name.Referenceshttp://securitytracker.com/id?1009030http://www.osvdb.org/3926https://exchange.xforce.ibmcloud.com/vulnerabilities/15194http://secunia.com/advisories/10861http://www.securityfocus.com/bid/9646https://testzone.secunia.com/advisories/10861
