ID CVE-2004-2766
Type cve
Reporter cve@mitre.org
Modified 2010-01-31T05:00:00
Description
Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
{"id": "CVE-2004-2766", "bulletinFamily": "NVD", "title": "CVE-2004-2766", "description": "Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified \"access\" to e-mail via a crafted e-mail message, related to a \"session hijacking\" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.", "published": "2010-01-28T20:30:00", "modified": "2010-01-31T05:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2766", "reporter": "cve@mitre.org", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-55-1", "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201180-1"], "cvelist": ["CVE-2004-2766"], "type": "cve", "lastseen": "2019-05-29T18:08:04", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "c7574fccff09461b27bff7c6a58ea2a7"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "c56ae6bcdc50256b40556102bad94bdb"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "25f557fdd60d1f6b56c672f65b0250f3"}, {"key": "cvss", "hash": "876f47c4ebc2b9e0dd17afaa22819f2a"}, {"key": "cvss2", "hash": "4c5095aa0a8ad4049b7693b420a5ae6e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "b647a850fd42b235dd11ee60cf626f2d"}, {"key": "description", "hash": "e1921f0cd273c4be0edb223f66b451dd"}, {"key": "href", "hash": "123f1b716b302ff3ef669365e539bc66"}, {"key": "modified", "hash": "ef1fb54b69f8dbac414533f6bb69b5d6"}, {"key": "published", "hash": "82b488748e7764ce38bbda3545e1ae1a"}, {"key": "references", "hash": "adb2233ea2d6115fa02f29b577ff5d35"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "93a0c17ce1726c963ec07b341918bbdd"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "41d3aa1b8945100264c4675fbfcbaf91e40e5ea081e4b5bec0f2f0b51fd99ad6", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SOLARIS9_X86_116569.NASL", "SOLARIS9_116568.NASL", "SOLARIS8_116568.NASL"]}], "modified": "2019-05-29T18:08:04"}, "score": {"value": 6.2, "vector": "NONE", "modified": "2019-05-29T18:08:04"}, "vulnersScore": 6.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:sun:one_messaging_server:6.1", "cpe:/a:sun:iplanet_messaging_server:5.2"], "affectedSoftware": [{"name": "sun iplanet_messaging_server", "operator": "eq", "version": "5.2"}, {"name": "sun one_messaging_server", "operator": "eq", "version": "6.1"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": [], "cwe": ["CWE-200"]}
{"nessus": [{"lastseen": "2019-11-03T12:17:10", "bulletinFamily": "scanner", "description": "Messaging Server 6.1: core patch.\nDate this patch was last updated by Sun : Feb/09/05", "modified": "2019-11-02T00:00:00", "id": "SOLARIS9_116568.NASL", "href": "https://www.tenable.com/plugins/nessus/37260", "published": "2009-04-23T00:00:00", "title": "Solaris 9 (sparc) : 116568-99", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37260);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:23\");\n\n script_cve_id(\"CVE-2004-2765\", \"CVE-2004-2766\");\n\n script_name(english:\"Solaris 9 (sparc) : 116568-99\");\n script_summary(english:\"Check for patch 116568-99\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 116568-99\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Messaging Server 6.1: core patch.\nDate this patch was last updated by Sun : Feb/09/05\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/116568-99\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgmf\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgco\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgen\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgwm\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgst\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgmt\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgmp\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgin\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsglb\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report());\n else security_warning(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-03T12:17:08", "bulletinFamily": "scanner", "description": "Messaging Server 6.1: core patch.\nDate this patch was last updated by Sun : Feb/09/05", "modified": "2019-11-02T00:00:00", "id": "SOLARIS8_116568.NASL", "href": "https://www.tenable.com/plugins/nessus/36543", "published": "2009-04-23T00:00:00", "title": "Solaris 8 (sparc) : 116568-99", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36543);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:22\");\n\n script_cve_id(\"CVE-2004-2765\", \"CVE-2004-2766\");\n\n script_name(english:\"Solaris 8 (sparc) : 116568-99\");\n script_summary(english:\"Check for patch 116568-99\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 116568-99\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Messaging Server 6.1: core patch.\nDate this patch was last updated by Sun : Feb/09/05\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/116568-99\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgmf\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgco\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgen\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgwm\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgst\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgmt\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgmp\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsgin\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116568-99\", obsoleted_by:\"118207-28 120228-20 \", package:\"SUNWmsglb\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report());\n else security_warning(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-03T12:17:11", "bulletinFamily": "scanner", "description": "Messaging Server 6.1_x86: core patch.\nDate this patch was last updated by Sun : Feb/09/05", "modified": "2019-11-02T00:00:00", "id": "SOLARIS9_X86_116569.NASL", "href": "https://www.tenable.com/plugins/nessus/37470", "published": "2009-04-23T00:00:00", "title": "Solaris 9 (x86) : 116569-99", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37470);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:23\");\n\n script_cve_id(\"CVE-2004-2765\", \"CVE-2004-2766\");\n\n script_name(english:\"Solaris 9 (x86) : 116569-99\");\n script_summary(english:\"Check for patch 116569-99\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 116569-99\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Messaging Server 6.1_x86: core patch.\nDate this patch was last updated by Sun : Feb/09/05\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/116569-99\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"116569-99\", obsoleted_by:\"118208-28 120229-20 \", package:\"SUNWmsgmf\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"116569-99\", obsoleted_by:\"118208-28 120229-20 \", package:\"SUNWmsgco\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"116569-99\", obsoleted_by:\"118208-28 120229-20 \", package:\"SUNWmsgen\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"116569-99\", obsoleted_by:\"118208-28 120229-20 \", package:\"SUNWmsgwm\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"116569-99\", obsoleted_by:\"118208-28 120229-20 \", package:\"SUNWmsgst\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"116569-99\", obsoleted_by:\"118208-28 120229-20 \", package:\"SUNWmsgmt\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"116569-99\", obsoleted_by:\"118208-28 120229-20 \", package:\"SUNWmsgmp\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"116569-99\", obsoleted_by:\"118208-28 120229-20 \", package:\"SUNWmsgin\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"116569-99\", obsoleted_by:\"118208-28 120229-20 \", package:\"SUNWmsglb\", version:\"6.0,REV=2003.10.29\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report());\n else security_warning(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}