ID CVE-2003-1330
Summary Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift_limited:mailsweeper:4.3.6_sp1:*:smtp:*:*:*:*:*
    cpe:2.3:a:clearswift_limited:mailsweeper:4.3.6_sp1:*:smtp:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 7226
misc http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.htm
xf mailsweeper-onstrip-bypass-filter(11745)
Last major update 29-07-2017 - 01:29
Published 31-12-2003 - 05:00
Back to Top