Lucene search

[email protected]CVE-2005-0198

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0198

2005-05-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-0198

logic error

cram-md5

university of washington imap

uw-imap

authentication

remote attackers

nvd

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.7%

JSON

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

CPENameOperatorVersion
university_of_washington:uw-imapuniversity of washington uw-imapeq*

CPE	Name	Operator	Version
university_of_washington:uw-imap	university of washington uw-imap	eq	*

References

secunia.com/advisories/14057

secunia.com/advisories/14097

securitytracker.com/id?1013037

www.gentoo.org/security/en/glsa/glsa-200502-02.xml

www.kb.cert.org/vuls/id/702777

www.kb.cert.org/vuls/id/CRDY-68QSL5

www.mandriva.com/security/advisories?name=MDKSA-2005:026

www.redhat.com/support/errata/RHSA-2005-128.html

www.securityfocus.com/bid/12391

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.7%

JSON

Related for CVE-2005-0198

suse1 ubuntucve1 gentoo1 debiancve1 openvas6 freebsd1 nessus7 cert1 redhat1