Lucene search

[email protected]CVE-2007-0887

HistoryFeb 12, 2007 - 11:28 p.m.

CVE-2007-0887

2007-02-1223:28:00

CWE-476

[email protected]

web.nvd.nist.gov

axigen

remote attackers

denial of service

null dereference

application crash

imap port

nvd

cve-2007-0887

6.8 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.043 Low

EPSS

Percentile

92.3%

JSON

axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded “*\x00” sequence on the imap port (143/tcp).

CPENameOperatorVersion
gecad_technologies:axigen_mail_servergecad technologies axigen mail servereq1.2.6
gecad_technologies:axigen_mail_servergecad technologies axigen mail servereq2.0.0b1

CPE	Name	Operator	Version
gecad_technologies:axigen_mail_server	gecad technologies axigen mail server	eq	1.2.6
gecad_technologies:axigen_mail_server	gecad technologies axigen mail server	eq	2.0.0b1

References

marc.info/?l=full-disclosure&m=117094708423302&w=2

osvdb.org/33165

secunia.com/advisories/24073

www.securityfocus.com/bid/22473

exchange.xforce.ibmcloud.com/vulnerabilities/32345

www.exploit-db.com/exploits/3290

6.8 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.043 Low

EPSS

Percentile

92.3%

JSON

Related for CVE-2007-0887

cvelist1 prion1 securityvulns1 nessus1