CVE-2011-1407

{"id": "CVE-2011-1407", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-05-16T18:55:00.730", "references": [{"url": "http://www.debian.org/security/2011/dsa-2236", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/47836", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/USN-1135-1", "source": "cve@mitre.org"}, {"url": "https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity."}, {"lang": "es", "value": "La implementaci\u00f3n de DKIM en Exim v4.7x con anterioridad a v4.76 permite la comparaci\u00f3n de las identidades DKIM para aplicar a las operaciones de b\u00fasqueda art\u00edculos, en lugar de s\u00f3lo cadenas, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o acceso a un sistema de ficheros a trav\u00e9s de una identidad manipulada."}], "lastModified": "2011-09-07T03:15:53.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "452E9C94-B7FF-40A9-A7F9-FC38824F6135"}, {"criteria": "cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8EB3709-D51F-46D1-99B8-CFB4C2275077"}, {"criteria": "cpe:2.3:a:exim:exim:4.72:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBDB2156-072B-4392-9DC8-266FF1B8C7A4"}, {"criteria": "cpe:2.3:a:exim:exim:4.73:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02F8A053-4578-4C45-A193-C188E45ED010"}, {"criteria": "cpe:2.3:a:exim:exim:4.74:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5DC11D6-F67F-40A8-B8BF-2E76DD2F9091"}, {"criteria": "cpe:2.3:a:exim:exim:4.75:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5854CAF2-1587-4B91-9F9B-E2C57C22C426"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}