Lucene search

[email protected]CVE-2004-1993

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2004-1993

2005-05-1004:00:00

[email protected]

web.nvd.nist.gov

cve-2004-1993

patch

checklogin function

omail.pl

omail webmail 0.98.5

remote attackers

arbitrary commands

shell metacharacters

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.183 Low

EPSS

Percentile

96.2%

JSON

The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as “`” (backticks) in the password.

Affected configurations

NVD

Node

omailomail_webmailMatch0.97.3

omailomail_webmailMatch0.98.3

omailomail_webmailMatch0.98.5

CPENameOperatorVersion
omail:omail_webmailomail omail webmaileq0.97.3
omail:omail_webmailomail omail webmaileq0.98.3
omail:omail_webmailomail omail webmaileq0.98.5

CPE	Name	Operator	Version
omail:omail_webmail	omail omail webmail	eq	0.97.3
omail:omail_webmail	omail omail webmail	eq	0.98.3
omail:omail_webmail	omail omail webmail	eq	0.98.5

References

marc.info/?l=bugtraq&m=108377215015515&w=2

secunia.com/advisories/9585

www.securityfocus.com/bid/10274

exchange.xforce.ibmcloud.com/vulnerabilities/12948

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.183 Low

EPSS

Percentile

96.2%

JSON

Related for CVE-2004-1993

cvelist1 nvd1