7.1

CVE-2007-3275

EPSS 1.49%
Veröffentlicht 19.06.2007 21:30:00
Zuletzt bearbeitet 16.06.2026 22:41:24
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp.  NOTE: some of these details are obtained from third party information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mailwasher ≫ Mailwasher Server Version <= 2.2.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.49%	0.706

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:C/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://osvdb.org/37538

http://secunia.com/advisories/25695

Patch

Vendor Advisory

http://sourceforge.net/project/shownotes.php?release_id=515127

http://www.securityfocus.com/bid/24507

http://www.vupen.com/english/advisories/2007/2239

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/34925

https://nvd.nist.gov/vuln/detail/CVE-2007-3275

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3275

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3275

EUVD