6.4

CVE-2008-2784

The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SpamdykeSpamdyke Version3.0.0
SpamdykeSpamdyke Version3.0.1
SpamdykeSpamdyke Version3.1.0
SpamdykeSpamdyke Version3.1.1
SpamdykeSpamdyke Version3.1.2
SpamdykeSpamdyke Version3.1.3
SpamdykeSpamdyke Version3.1.4
SpamdykeSpamdyke Version3.1.5
SpamdykeSpamdyke Version3.1.6
SpamdykeSpamdyke Version3.1.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.36% 0.681
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/30408
Vendor Advisory
http://www.spamdyke.org/documentation/Changelog.txt
http://www.vupen.com/english/advisories/2008/1684/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42658