Lucene search

[email protected]CVE-2006-6291

HistoryDec 05, 2006 - 11:28 a.m.

CVE-2006-6291

2006-12-0511:28:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2006-6291

stack overflow

imap module

mailenable professional

mailenable enterprise

meimaps.exe

denial of service

remote authenticated users

crash

me-10020 hotfix

6.7 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.008 Low

EPSS

Percentile

81.7%

JSON

Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command, as addressed by the ME-10020 hotfix.

CPENameOperatorVersion
mailenable:mailenablemailenablele2.33
mailenable:mailenablemailenablele1.40
mailenable:mailenablemailenablele1.83

CPE	Name	Operator	Version
mailenable:mailenable	mailenable	le	2.33
mailenable:mailenable	mailenable	le	1.40
mailenable:mailenable	mailenable	le	1.83

References

secunia.com/advisories/23080

secunia.com/secunia_research/2006-71/advisory/

securitytracker.com/id?1017276

securitytracker.com/id?1017319

www.mailenable.com/hotfix/

www.securityfocus.com/archive/1/453118/100/100/threaded

www.securityfocus.com/bid/21362

www.vupen.com/english/advisories/2006/4778

exchange.xforce.ibmcloud.com/vulnerabilities/30614

6.7 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.008 Low

EPSS

Percentile

81.7%

JSON

Related for CVE-2006-6291

cvelist1 nessus1