CVE-2011-4554

One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e-mail address, related to a "2nd Order SMTP Injection" issue.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en&dmode=source&output=gplain
http://dmcdonald.net/?page_id=43

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oneclickorgs:one_click_orgs:1.1.0:::::::*
	cpe:2.3:a:oneclickorgs:one_click_orgs:1.0.0:::::::*
	cpe:2.3:a:oneclickorgs:one_click_orgs::::::::
	cpe:2.3:a:oneclickorgs:one_click_orgs:1.2.1:::::::*
	cpe:2.3:a:oneclickorgs:one_click_orgs:1.2.0:::::::*
	cpe:2.3:a:oneclickorgs:one_click_orgs:1.1.1:::::::*
	cpe:2.3:a:oneclickorgs:one_click_orgs:1.0.1:::::::*

Information

Published : 2011-12-06 03:55

Updated : 2011-12-07 21:00

NVD link : CVE-2011-4554

Mitre link : CVE-2011-4554

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

oneclickorgs

one_click_orgs

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en&dmode=source&output=gplain", "name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3", "tags": [], "refsource": "MLIST"}, {"url": "http://dmcdonald.net/?page_id=43", "name": "http://dmcdonald.net/?page_id=43", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) \" (double quote) and newline characters in an org name or (2) \" (double quote) characters in an e-mail address, related to a \"2nd Order SMTP Injection\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-4554", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-12-06T11:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oneclickorgs:one_click_orgs:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oneclickorgs:one_click_orgs:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oneclickorgs:one_click_orgs:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.2.2"}, {"cpe23Uri": "cpe:2.3:a:oneclickorgs:one_click_orgs:1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oneclickorgs:one_click_orgs:1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oneclickorgs:one_click_orgs:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oneclickorgs:one_click_orgs:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-12-08T05:00Z"}