Lucene search

[email protected]CVE-2004-2584

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2584

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

smartermail

authenticated users

remote attack

folder creation

null byte

vulnerability

7 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.5%

JSON

frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte (“%00”). NOTE: it is not clear whether this issue poses a vulnerability.

CPENameOperatorVersion
smartertools:smartermailsmartertools smartermaileq1.6.1511
smartertools:smartermailsmartertools smartermaileq1.6.1529

CPE	Name	Operator	Version
smartertools:smartermail	smartertools smartermail	eq	1.6.1511
smartertools:smartermail	smartertools smartermail	eq	1.6.1529

References

members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt

www.zone-h.org/advisories/read/id=4098

exchange.xforce.ibmcloud.com/vulnerabilities/15392

7 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.5%

JSON

Related for CVE-2004-2584

cvelist1