CVE-2017-18045 - JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote a

CVE-2017-18045

Summary

JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.

References

https://www.directadmin.com/features.php?id=2036

Vulnerable Configurations

cpe:2.3:a:directadmin:directadmin:0.95:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:0.95:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.1:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.1:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.2:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.2:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.3:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.3:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.4:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.4:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.5:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.5:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.06:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.06:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.07:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.07:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.08:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.08:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.09:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.09:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.11:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.11:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.12:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.12:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.13:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.13:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.14:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.14:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.15:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.15:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.16:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.16:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.17:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.17:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.18:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.18:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.19:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.19:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.21:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.21:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.22:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.22:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.23:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.23:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.24:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.24:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.25:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.25:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.26:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.26:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.27:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.27:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.28:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.28:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.29:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.29:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.30.1:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.30.1:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.30.2:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.30.2:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.31:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.31:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.32:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.32:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.33:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.33:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.34:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.34:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.35:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.35:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.36:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.36:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.37:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.37:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.38:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.38:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.39:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.39:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.41:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.41:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.42:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.42:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.43:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.43:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.44:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.44:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.45:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.45:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.46:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.46:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.47:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.47:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.48:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.48:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.49:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.49:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.51:*:*:*:*:*:*:*
cpe:2.3:a:directadmin:directadmin:1.51:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm

https://www.directadmin.com/features.php?id=2036

Last major update

03-10-2019 - 00:03

Published

21-01-2018 - 07:29

Last modified

03-10-2019 - 00:03