Lucene search

[email protected]NVD:CVE-2007-2231

HistoryApr 25, 2007 - 3:19 p.m.

CVE-2007-2231

2007-04-2515:19:00

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.6%

JSON

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a … (dot dot) sequence in the mailbox name.

Affected configurations

NVD

Node

dovecotdovecotMatch1.0.beta1

dovecotdovecotMatch1.0.beta2

dovecotdovecotMatch1.0.beta3

dovecotdovecotMatch1.0.beta4

dovecotdovecotMatch1.0.beta5

dovecotdovecotMatch1.0.beta6

dovecotdovecotMatch1.0.beta7

dovecotdovecotMatch1.0.beta8

dovecotdovecotMatch1.0.beta9

dovecotdovecotMatch1.0.rc1

dovecotdovecotMatch1.0.rc2

dovecotdovecotMatch1.0.rc3

dovecotdovecotMatch1.0.rc4

dovecotdovecotMatch1.0.rc5

dovecotdovecotMatch1.0.rc6

dovecotdovecotMatch1.0.rc7

dovecotdovecotMatch1.0.rc8

dovecotdovecotMatch1.0.rc9

dovecotdovecotMatch1.0.rc10

dovecotdovecotMatch1.0.rc11

dovecotdovecotMatch1.0.rc12

dovecotdovecotMatch1.0.rc13

dovecotdovecotMatch1.0.rc14

dovecotdovecotMatch1.0.rc15

dovecotdovecotMatch1.0.rc16

dovecotdovecotMatch1.0.rc17

dovecotdovecotMatch1.0.rc18

dovecotdovecotMatch1.0.rc19

dovecotdovecotMatch1.0.rc20

dovecotdovecotMatch1.0.rc21

dovecotdovecotMatch1.0.rc22

dovecotdovecotMatch1.0.rc23

dovecotdovecotMatch1.0.rc24

dovecotdovecotMatch1.0.rc25

dovecotdovecotMatch1.0.rc26

dovecotdovecotMatch1.0.rc27

dovecotdovecotMatch1.0.rc28

References

dovecot.org/doc/NEWS

dovecot.org/list/dovecot-cvs/2007-March/008488.html

dovecot.org/list/dovecot-news/2007-March/000038.html

secunia.com/advisories/25072

secunia.com/advisories/30342

www.debian.org/security/2007/dsa-1359

www.novell.com/linux/security/advisories/2007_8_sr.html

www.redhat.com/support/errata/RHSA-2008-0297.html

www.securityfocus.com/archive/1/466168/100/0/threaded

www.securityfocus.com/bid/23552

www.ubuntu.com/usn/usn-487-1

www.vupen.com/english/advisories/2007/1452

exchange.xforce.ibmcloud.com/vulnerabilities/34082

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10995

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.6%

JSON

Related for NVD:CVE-2007-2231

veracode1 openvas9 securityvulns2 debiancve1 cvelist1 prion1 debian1 ubuntucve1 nessus6 ubuntu1 cve1 fedora1 oraclelinux1 redhat1