CVE-2006-3215 - Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remo

CVE-2006-3215

Summary

Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to bypass the "text analysis", possibly bypassing SPAM and other filters, by sending an e-mail specifying a non-existent or unrecognized character set. This vulnerability is addressed in the following product releases: Clearswift, MAILsweeper for SMTP, 4.3.20 Clearswift, MAILsweeper for Exchange, 4.3.20

References

Vulnerable Configurations

cpe:2.3:a:clearswift:mailsweeper_for_exchange:*:*:*:*:*:*:*:*
cpe:2.3:a:clearswift:mailsweeper_for_exchange:*:*:*:*:*:*:*:*
cpe:2.3:a:clearswift:mailsweeper_for_smtp:*:*:*:*:*:*:*:*
cpe:2.3:a:clearswift:mailsweeper_for_smtp:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	18584
confirm	http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4,3,20.htm
osvdb	26737
secunia	20756
vupen	ADV-2006-2473
xf	mailsweeper-charcter-set-security-bypass(27301)

Last major update

20-07-2017 - 01:32

Published

24-06-2006 - 01:06

Last modified

20-07-2017 - 01:32