CVE-2007-3803

The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/37974
http://secunia.com/advisories/25957	Vendor Advisory
http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf
http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35371

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:clavister:clavister_coreplus::::::::
	cpe:2.3:a:clavister:clavister_coreplus::::::::

History

No history.

Information

Published : 2007-07-16 23:30

Updated : 2023-12-10 10:40

NVD link : CVE-2007-3803

Mitre link : CVE-2007-3803

CVE.ORG link : CVE-2007-3803

JSON object : View

Products Affected

clavister

clavister_coreplus

CWE

NVD-CWE-Other

{"id": "CVE-2007-3803", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-16T23:30:00.000", "references": [{"url": "http://osvdb.org/37974", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25957", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf", "source": "cve@mitre.org"}, {"url": "http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35371", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists."}, {"lang": "es", "value": "El ALG SMTP en Clavister CorePlus anterior a 8.80.04, y 8.81.00, no parchea adecuadamente comandos SMTP en ciertas circustacias, lo cual podr\u00eda permitir a atacantes remotos evitar direcciones de listas negras."}], "lastModified": "2017-07-29T01:32:32.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:clavister:clavister_coreplus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2675391A-B6B4-4A97-BF69-B62F8868BA73", "versionEndIncluding": "8.80.03"}, {"criteria": "cpe:2.3:a:clavister:clavister_coreplus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A172307-78BD-4860-9CE4-E940F4BCE760", "versionEndIncluding": "8.81.00"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}