Lucene search

[email protected]CVE-2008-3729

HistoryAug 20, 2008 - 4:41 p.m.

CVE-2008-3729

2008-08-2016:41:00

CWE-287

[email protected]

web.nvd.nist.gov

cve

mailscan

microworld technologies

authentication bypass

web based administration

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.9%

JSON

Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.

Affected configurations

NVD

Node

microworld_technologiesmailscanMatch5.6.a

CPENameOperatorVersion
microworld_technologies:mailscanmicroworld technologies mailscaneq5.6.a

CPE	Name	Operator	Version
microworld_technologies:mailscan	microworld technologies mailscan	eq	5.6.a

References

marc.info/?l=bugtraq&m=121881329424635&w=2

securityreason.com/securityalert/4172

www.oliverkarow.de/research/mailscan.txt

www.securityfocus.com/bid/30700

exchange.xforce.ibmcloud.com/vulnerabilities/44515

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.9%

JSON

Related for CVE-2008-3729

nvd1 cvelist1 prion1 nessus1