Lucene search

[email protected]CVE-2005-0315

HistoryFeb 10, 2005 - 5:00 a.m.

CVE-2005-0315

2005-02-1005:00:00

[email protected]

web.nvd.nist.gov

ftp service

magic winmail server

security vulnerability

port scanning

nvd

cve-2005-0315

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.0%

JSON

The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.

Affected configurations

NVD

Node

amax_information_technologiesmagic_winmail_serverMatch4.0

CPENameOperatorVersion
amax_information_technologies:magic_winmail_serveramax information technologies magic winmail servereq4.0

CPE	Name	Operator	Version
amax_information_technologies:magic_winmail_server	amax information technologies magic winmail server	eq	4.0

References

marc.info/?l=bugtraq&m=110685011825461&w=2

secunia.com/advisories/14053

securitytracker.com/id?1013017

www.securityfocus.com/bid/12388

exchange.xforce.ibmcloud.com/vulnerabilities/19115

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.0%

JSON

Related for CVE-2005-0315

cvelist1 nvd1