Lucene search

MitreCVE-2004-2584

HistoryNov 28, 2005 - 11:00 p.m.

CVE-2004-2584

2005-11-2823:00:00

mitre

web.nvd.nist.gov

smartermail

authenticated users

remote attack

folder creation

null byte

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.002

Percentile

57.7%

JSON

frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte (“%00”). NOTE: it is not clear whether this issue poses a vulnerability.

Affected configurations

Nvd

Node

smartertoolssmartermailMatch1.6.1511

smartertoolssmartermailMatch1.6.1529

VendorProductVersionCPE
smartertoolssmartermail1.6.1511cpe:2.3:a:smartertools:smartermail:1.6.1511:*:*:*:*:*:*:*
smartertoolssmartermail1.6.1529cpe:2.3:a:smartertools:smartermail:1.6.1529:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
smartertools	smartermail	1.6.1511	cpe:2.3:a:smartertools:smartermail:1.6.1511:::::::*
smartertools	smartermail	1.6.1529	cpe:2.3:a:smartertools:smartermail:1.6.1529:::::::*

References

members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt

www.zone-h.org/advisories/read/id=4098

exchange.xforce.ibmcloud.com/vulnerabilities/15392

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.002

Percentile

57.7%

JSON

Related for CVE-2004-2584