CVE-2007-3275

Sažetak

MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information.

Reference

http://osvdb.org/37538
http://secunia.com/advisories/25695
http://sourceforge.net/project/shownotes.php?release_id=515127
http://www.securityfocus.com/bid/24507
http://www.vupen.com/english/advisories/2007/2239
https://exchange.xforce.ibmcloud.com/vulnerabilities/34925

CVSS

Base:	7.1
Impact:	6.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

29-07-2017 - 01:32

Objavljeno

19-06-2007 - 21:30