6.8

CVE-2007-6714

EPSS 1.44%
Veröffentlicht 17.04.2008 22:05:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dbmail ≫ Dbmail Version2.2.6

Dbmail ≫ Dbmail Version2.2.6 Updaterc1

Dbmail ≫ Dbmail Version2.2.7

Dbmail ≫ Dbmail Version2.2.7 Updaterc1

Dbmail ≫ Dbmail Version2.2.7 Updaterc2

Dbmail ≫ Dbmail Version2.2.7 Updaterc3

Dbmail ≫ Dbmail Version2.2.7 Updaterc4

Dbmail ≫ Dbmail Version2.2.8

Dbmail ≫ Dbmail Version2.2.8 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.44%	0.788

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://dbmail.org/index.php?page=news&id=44

Patch

http://osvdb.org/44561

http://secunia.com/advisories/29903

http://secunia.com/advisories/29937

http://secunia.com/advisories/29984

http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml

http://www.mail-archive.com/dbmail-dev%40dbmail.org/msg09942.html

http://www.securityfocus.com/bid/28849

http://www.securitytracker.com/id?1019914

http://www.vupen.com/english/advisories/2008/1321/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41907

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html

https://nvd.nist.gov/vuln/detail/CVE-2007-6714

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6714

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6714

EUVD