Lucene search

[email protected]NVD:CVE-2004-2677

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2677

2004-12-3105:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.251

Percentile

96.7%

JSON

Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.

Affected configurations

Nvd

Node

qwikmailqwikmail_smtpMatch0.3

VendorProductVersionCPE
qwikmailqwikmail_smtp0.3cpe:2.3:a:qwikmail:qwikmail_smtp:0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qwikmail	qwikmail_smtp	0.3	cpe:2.3:a:qwikmail:qwikmail_smtp:0.3:::::::*

References

qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch

secunia.com/advisories/13037

securitytracker.com/id?1012016

unl0ck.info/advisories/qwik-smtpd.txt

www.securityfocus.com/archive/1/460600/100/0/threaded

www.securityfocus.com/bid/11572

www.vupen.com/english/advisories/2007/0687

exchange.xforce.ibmcloud.com/vulnerabilities/17917

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.251

Percentile

96.7%

JSON

Related for NVD:CVE-2004-2677

exploitdb1 cvelist1 cve1