Lucene search
HistoryApr 28, 2014 - 2:09 p.m.
CVE-2014-0037
zarafa
validateuserlogon
cve-2014-0037
denial of service
security vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.3%
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to “a NULL pointer of the username.”
Affected configurations
Node
zarafazarafaMatch5.00
ORzarafazarafaMatch5.01
ORzarafazarafaMatch5.02
ORzarafazarafaMatch5.10
ORzarafazarafaMatch5.11
ORzarafazarafaMatch5.20
ORzarafazarafaMatch5.22
ORzarafazarafaMatch6.00
ORzarafazarafaMatch6.01
ORzarafazarafaMatch6.02
ORzarafazarafaMatch6.03
ORzarafazarafaMatch6.10
ORzarafazarafaMatch6.11
ORzarafazarafaMatch6.20
ORzarafazarafaMatch6.20.2
ORzarafazarafaMatch6.20.3
ORzarafazarafaMatch6.20.5
ORzarafazarafaMatch6.20.6
ORzarafazarafaMatch6.20.7
ORzarafazarafaMatch6.20.10
ORzarafazarafaMatch6.20.11
ORzarafazarafaMatch6.20.12
ORzarafazarafaMatch6.30.0
ORzarafazarafaMatch6.30.3
ORzarafazarafaMatch6.30.4
ORzarafazarafaMatch6.30.5
ORzarafazarafaMatch6.30.6
ORzarafazarafaMatch6.30.7
ORzarafazarafaMatch6.30.8
ORzarafazarafaMatch6.30.9
ORzarafazarafaMatch6.30.10
ORzarafazarafaMatch6.30.11
ORzarafazarafaMatch6.30.13
ORzarafazarafaMatch6.30.16
ORzarafazarafaMatch6.30.17
ORzarafazarafaMatch6.40.0
ORzarafazarafaMatch6.40.2
ORzarafazarafaMatch6.40.3
ORzarafazarafaMatch6.40.4
ORzarafazarafaMatch6.40.5
ORzarafazarafaMatch6.40.6
ORzarafazarafaMatch6.40.7
ORzarafazarafaMatch6.40.8
ORzarafazarafaMatch6.40.9
ORzarafazarafaMatch6.40.10
ORzarafazarafaMatch6.40.11
ORzarafazarafaMatch6.40.12
ORzarafazarafaMatch6.40.13
ORzarafazarafaMatch6.40.14
ORzarafazarafaMatch6.40.15
ORzarafazarafaMatch6.40.16
ORzarafazarafaMatch6.40.17
ORzarafazarafaMatch7.0
ORzarafazarafaMatch7.0.1
ORzarafazarafaMatch7.0.2
ORzarafazarafaMatch7.0.3
ORzarafazarafaMatch7.0.4
ORzarafazarafaMatch7.0.5
ORzarafazarafaMatch7.0.6
ORzarafazarafaMatch7.0.7
ORzarafazarafaMatch7.0.8
ORzarafazarafaMatch7.0.9
ORzarafazarafaMatch7.0.10
ORzarafazarafaMatch7.0.11
ORzarafazarafaMatch7.0.12
ORzarafazarafaMatch7.0.13
ORzarafazarafaMatch7.1.0
ORzarafazarafaMatch7.1.1
ORzarafazarafaMatch7.1.2
ORzarafazarafaMatch7.1.3
ORzarafazarafaMatch7.1.4
Related
cvelist
cvelist
CVE-2014-0037
2014-04-28 14:00:00
nvd
nvd
CVE-2014-0037
2014-04-28 14:09:06
prion
prion
Null pointer dereference
2014-04-28 14:09:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0112)
2022-01-28 00:00:00
Fedora Update for zarafa FEDORA-2014-1900
2014-02-17 00:00:00
Fedora Update for zarafa FEDORA-2014-1883
2014-02-17 00:00:00
securityvulns
securityvulns
Zarafa DoS
2014-05-05 00:00:00
[ MDVSA-2014:044 ] zarafa
2014-05-05 00:00:00
nessus
nessus
Fedora 19 : zarafa-7.1.8-1.fc19 (2014-1883)
2014-02-17 00:00:00
Mandriva Linux Security Advisory : zarafa (MDVSA-2014:044)
2014-02-20 00:00:00
Fedora 20 : zarafa-7.1.8-1.fc20 (2014-1900)
2014-02-17 00:00:00
mageia
mageia
Updated zarafa packages fix security vulnerabilities
2014-03-02 02:57:23
fedora
fedora
[SECURITY] Fedora 19 Update: zarafa-7.1.8-1.fc19
2014-02-15 20:04:25
[SECURITY] Fedora 20 Update: zarafa-7.1.8-1.fc20
2014-02-15 20:02:59
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.3%
Related for CVE-2014-0037