Lucene search

[email protected]CVE-1999-0365

HistorySep 29, 1999 - 4:00 a.m.

CVE-1999-0365

1999-09-2904:00:00

[email protected]

web.nvd.nist.gov

cve-1999-0365

metamail vulnerability

remote command execution

unquoted shell metacharacters

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.9%

JSON

The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.

Affected configurations

NVD

Node

metainfometaipMatch3.1

metainfosendmailMatch2.0

metainfosendmailMatch2.5

CPENameOperatorVersion
metainfo:metaipmetainfo metaipeq3.1
metainfo:sendmailmetainfo sendmaileq2.0
metainfo:sendmailmetainfo sendmaileq2.5

CPE	Name	Operator	Version
metainfo:metaip	metainfo metaip	eq	3.1
metainfo:sendmail	metainfo sendmail	eq	2.0
metainfo:sendmail	metainfo sendmail	eq	2.5

References

exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0365

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.9%

JSON

Related for CVE-1999-0365

cvelist1 nvd1