Lucene search

MitreCVE-2008-2049

HistoryMay 01, 2008 - 7:05 p.m.

CVE-2008-2049

2008-05-0119:05:00

CWE-200

mitre

web.nvd.nist.gov

cve-2008-2049

e-post mail server

pop3

information security

remote attackers

sensitive information

vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

80.6%

JSON

The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message.

Affected configurations

Nvd

Node

e-post_corporationmail_serverMatch4.10

e-post_corporationmail_serverMatchenterprise_4.10

VendorProductVersionCPE
e-post_corporationmail_server4.10cpe:2.3:a:e-post_corporation:mail_server:4.10:*:*:*:*:*:*:*
e-post_corporationmail_serverenterprise_4.10cpe:2.3:a:e-post_corporation:mail_server:enterprise_4.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
e-post_corporation	mail_server	4.10	cpe:2.3:a:e-post_corporation:mail_server:4.10:::::::*
e-post_corporation	mail_server	enterprise_4.10	cpe:2.3:a:e-post_corporation:mail_server:enterprise_4.10:::::::*

References

secunia.com/advisories/29990

vuln.sg/epostmailserver410-en.html

www.e-postinc.jp/Mail_Server.html

www.securityfocus.com/bid/28951

www.securitytracker.com/id?1019930

www.vupen.com/english/advisories/2008/1389/references

exchange.xforce.ibmcloud.com/vulnerabilities/42035

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

80.6%

JSON

Related for CVE-2008-2049