Lucene search

[email protected]CVE-2007-4377

HistoryAug 16, 2007 - 6:17 p.m.

CVE-2007-4377

2007-08-1618:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4377

surgemail

imap

stack-based buffer overflow

remote execution

cve-2007-4372

7.5 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.6%

JSON

Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372.

Affected configurations

NVD

Node

netwinsurgemailMatch38k

CPENameOperatorVersion
netwin:surgemailnetwin surgemaileq38k

CPE	Name	Operator	Version
netwin:surgemail	netwin surgemail	eq	38k

References

marc.info/?l=full-disclosure&m=118710179924684&w=2

secunia.com/advisories/26464

www.securityfocus.com/bid/25318

www.vupen.com/english/advisories/2007/2875

exchange.xforce.ibmcloud.com/vulnerabilities/36009

www.exploit-db.com/exploits/4287

7.5 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.6%

JSON

Related for CVE-2007-4377

nvd2 prion2 cvelist2 nessus1 cve1