CVE-2007-3275

MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:N/A:N

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://sourceforge.net/project/shownotes.php?release_id=515127
http://secunia.com/advisories/25695	Patch Vendor Advisory
http://www.securityfocus.com/bid/24507
http://osvdb.org/37538
http://www.vupen.com/english/advisories/2007/2239	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34925

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:mailwasher:mailwasher_server:*:*:*:*:*:*:*:*

Information

Published : 2007-06-19 14:30

Updated : 2017-07-28 18:32

NVD link : CVE-2007-3275

Mitre link : CVE-2007-3275

JSON object : View

CWE

CWE-255

Credentials Management Errors

Advertisement

Products Affected

mailwasher

mailwasher_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sourceforge.net/project/shownotes.php?release_id=515127", "name": "http://sourceforge.net/project/shownotes.php?release_id=515127", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/25695", "name": "25695", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/24507", "name": "24507", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/37538", "name": "37538", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/2239", "name": "ADV-2007-2239", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34925", "name": "mailwasher-logincheck-unauthorized-access(34925)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3275", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-06-19T21:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mailwasher:mailwasher_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.2.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:32Z"}