Lucene search

[email protected]CVE-2008-1690

HistoryApr 07, 2008 - 5:44 p.m.

CVE-2008-1690

2008-04-0717:44:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-1690

slmail pro

remote code execution

memory corruption

daemon crash

http requests

tcp port 801

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.192 Low

EPSS

Percentile

96.3%

JSON

WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

seattle_lab_softwareslmail_proRange≤6.3.1.0

CPENameOperatorVersion
seattle_lab_software:slmail_proseattle lab software slmail prole6.3.1.0

CPE	Name	Operator	Version
seattle_lab_software:slmail_pro	seattle lab software slmail pro	le	6.3.1.0

References

aluigi.org/poc/slmaildos.zip

secunia.com/advisories/29614

www.securityfocus.com/bid/28505

www.vupen.com/english/advisories/2008/1039/references

exchange.xforce.ibmcloud.com/vulnerabilities/41531

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.192 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2008-1690

nvd1 prion1 cvelist1