Lucene search

[email protected]CVE-2007-3803

HistoryJul 16, 2007 - 11:30 p.m.

CVE-2007-3803

2007-07-1623:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3803

smtp alg

clavister coreplus

address blacklists

remote attackers

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

JSON

The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists.

Affected configurations

NVD

Node

clavisterclavister_coreplusRange≤8.80.03

clavisterclavister_coreplusRange≤8.81.00

CPENameOperatorVersion
clavister:clavister_coreplusclavister clavister coreplusle8.80.03
clavister:clavister_coreplusclavister clavister coreplusle8.81.00

CPE	Name	Operator	Version
clavister:clavister_coreplus	clavister clavister coreplus	le	8.80.03
clavister:clavister_coreplus	clavister clavister coreplus	le	8.81.00

References

osvdb.org/37974

secunia.com/advisories/25957

www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf

www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/35371

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

JSON

Related for CVE-2007-3803

prion1 nvd1 cvelist1