CVE-2004-2423 |
|
发布时间 :2004-12-31 00:00:00 | ||
修订时间 :2017-07-10 21:31:52 | ||||
NMCO |
[原文]Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content."
[CNNVD]Ipswitch IMail服务器多个缓冲区溢出服务拒绝漏洞(CNNVD-200412-160)
Ipswitch IMail Server 8.13以前版本的Web calendaring组件存在位置漏洞。远程攻击者可以借助 "specific content"导致服务拒绝(崩溃)。
- CVSS (基础分值)
CVSS分值: | 5 | [中等(MEDIUM)] |
机密性影响: | [--] | |
完整性影响: | [--] | |
可用性影响: | [--] | |
攻击复杂度: | [--] | |
攻击向量: | [--] | |
身份认证: | [--] |
- CPE (受影响的平台与产品)
cpe:/a:ipswitch:imail:7.0.6 | Ipswitch IMail 7.0.6 |
cpe:/a:ipswitch:imail:7.0.7 | Ipswitch IMail 7.0.7 |
cpe:/a:ipswitch:imail:7.0.1 | Ipswitch IMail 7.0.1 |
cpe:/a:ipswitch:imail:7.0.2 | Ipswitch IMail 7.0.2 |
cpe:/a:ipswitch:imail:7.0.3 | Ipswitch IMail 7.0.3 |
cpe:/a:ipswitch:imail:7.0.4 | Ipswitch IMail 7.0.4 |
cpe:/a:ipswitch:imail:8.0.5 | Ipswitch IMail 8.0.5 |
cpe:/a:ipswitch:imail:5.0.7 | Ipswitch IMail 5.0.7 |
cpe:/a:ipswitch:imail:8.0.3 | Ipswitch IMail 8.0.3 |
cpe:/a:ipswitch:imail:6.0.6 | Ipswitch IMail 6.0.6 |
cpe:/a:ipswitch:imail:6.0.1 | Ipswitch IMail 6.0.1 |
cpe:/a:ipswitch:imail:6.0.5 | Ipswitch IMail 6.0.5 |
cpe:/a:ipswitch:imail:6.0.3 | Ipswitch IMail 6.0.3 |
cpe:/a:ipswitch:imail:6.0.4 | Ipswitch IMail 6.0.4 |
cpe:/a:ipswitch:imail:6.0.2 | Ipswitch IMail 6.0.2 |
cpe:/a:ipswitch:imail:5.0.5 | Ipswitch IMail 5.0.5 |
cpe:/a:ipswitch:imail:5.0.6 | Ipswitch IMail 5.0.6 |
cpe:/a:ipswitch:imail:6.0 | Ipswitch IMail 6.0 |
cpe:/a:ipswitch:imail:5.0.8 | Ipswitch IMail 5.0.8 |
cpe:/a:ipswitch:imail:6.4 | Ipswitch IMail 6.4 |
cpe:/a:ipswitch:imail:5.0 | Ipswitch IMail 5.0 |
cpe:/a:ipswitch:imail:7.12 | Ipswitch IMail 7.12 |
cpe:/a:ipswitch:imail:6.1 | Ipswitch IMail 6.1 |
cpe:/a:ipswitch:imail:6.2 | Ipswitch IMail 6.2 |
cpe:/a:ipswitch:imail:7.1 | Ipswitch IMail 7.1 |
cpe:/a:ipswitch:imail:6.3 | Ipswitch IMail 6.3 |
cpe:/a:ipswitch:imail:8.1 | Ipswitch IMail 8.1 |
cpe:/a:ipswitch:imail:7.0.5 | Ipswitch IMail 7.0.5 |
- OVAL (用于检测的技术细节)
未找到相关OVAL定义 |
- 官方数据库链接
- 其它链接及资源
http://securitytracker.com/id?1011146 (PATCH) SECTRACK 1011146 |
http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES (UNKNOWN) CONFIRM http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES |
http://www.securityfocus.com/bid/11106 (PATCH) BID 11106 |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17220 (UNKNOWN) XF ipswitch-web-calendaring-dos(17220) |
- 漏洞信息
Ipswitch IMail服务器多个缓冲区溢出服务拒绝漏洞 | |
中危 | 边界条件错误 |
2004-12-31 00:00:00 | 2005-10-20 00:00:00 |
远程 | |
Ipswitch IMail Server 8.13以前版本的Web calendaring组件存在位置漏洞。远程攻击者可以借助 "specific content"导致服务拒绝(崩溃)。 |
- 公告与补丁
The vendor has released version 8.13 to address these issues: Ipswitch IMail 8.1
|
- 漏洞信息
9553 | |
Ipswitch IMail Web Calendar Malformed Content DoS | |
Remote / Network Access | Denial of Service |
Loss of Availability | |
Exploit Unknown |
- 漏洞描述
Ipswitch IMail contains a flaw within the web calendar function that may allow an undisclosed denial of service. The issue is triggered when a user submits specially crafted calendar content, and will result in loss of availability for the calendar service. |
- 时间线
2004-09-03 | Unknow |
2004-09-03 | Unknow |
- 解决方案
Upgrade to version 8.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
- 相关参考
|
漏洞作者
Unknown or Incomplete |