Lucene search

[email protected]CVE-2008-0434

HistoryJan 23, 2008 - 10:00 p.m.

CVE-2008-0434

2008-01-2322:00:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2008-0434

aximilter module

axigen mail server

format string vulnerability

remote code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.084 Low

EPSS

Percentile

94.4%

JSON

Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command.

Affected configurations

NVD

Node

gecad_technologiesaxigen_mail_serverMatch5.0.2

CPENameOperatorVersion
gecad_technologies:axigen_mail_servergecad technologies axigen mail servereq5.0.2

CPE	Name	Operator	Version
gecad_technologies:axigen_mail_server	gecad technologies axigen mail server	eq	5.0.2

References

lists.grok.org.uk/pipermail/full-disclosure/2008-January/059788.html

secunia.com/advisories/28562

securityreason.com/securityalert/3570

www.securityfocus.com/archive/1/486722/100/0/threaded

www.securityfocus.com/bid/27363

www.vupen.com/english/advisories/2008/0237

exchange.xforce.ibmcloud.com/vulnerabilities/39803

www.exploit-db.com/exploits/4947

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.084 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2008-0434

nessus1 prion1 nvd1 cvelist1