CVE-2007-3803 - The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP command

CVE-2007-3803

Summary

The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists.

References

http://osvdb.org/37974
http://secunia.com/advisories/25957
http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf
http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35371

Vulnerable Configurations

cpe:2.3:a:clavister:clavister_coreplus:*:*:*:*:*:*:*:*
cpe:2.3:a:clavister:clavister_coreplus:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm	http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf
osvdb	37974
secunia	25957
xf	clavister-smtp-security-bypass(35371)

Last major update

29-07-2017 - 01:32

Published

16-07-2007 - 23:30

Last modified

29-07-2017 - 01:32