7.1

CVE-2007-3275

EPSS 0.64%
Veröffentlicht 19.06.2007 21:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp.  NOTE: some of these details are obtained from third party information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mailwasher ≫ Mailwasher Server Version <= 2.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.7

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:C/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://osvdb.org/37538

http://secunia.com/advisories/25695

Patch

Vendor Advisory

http://sourceforge.net/project/shownotes.php?release_id=515127

http://www.securityfocus.com/bid/24507

http://www.vupen.com/english/advisories/2007/2239

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/34925

https://nvd.nist.gov/vuln/detail/CVE-2007-3275

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3275

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3275

EUVD