VAR-200412-1061
Vulnerability from variot - Updated: 2023-12-18 13:35Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command. Ipswitch IMail is reported prone to a remote buffer overflow vulnerability. This issue exists due to insufficient boundary checks performed by the application. Ipswitch IMail 8.13 is reported prone to this vulnerability. It is possible that other versions are affected as well. Ipswitch IMail Server is a powerful email solution. Ipswitch IMail Server handles the DELETE command incorrectly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-1061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "8.13"
},
{
"model": "imail",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.14"
}
],
"sources": [
{
"db": "BID",
"id": "11675"
},
{
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1520"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jerome\u203b jerome@athias.fr",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-9950",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1520",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-722",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-9950",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9950"
},
{
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command. Ipswitch IMail is reported prone to a remote buffer overflow vulnerability. This issue exists due to insufficient boundary checks performed by the application. \nIpswitch IMail 8.13 is reported prone to this vulnerability. It is possible that other versions are affected as well. Ipswitch IMail Server is a powerful email solution. Ipswitch IMail Server handles the DELETE command incorrectly",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"db": "BID",
"id": "11675"
},
{
"db": "VULHUB",
"id": "VHN-9950"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-9950",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9950"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "11675",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2004-1520",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "13200",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722",
"trust": 0.7
},
{
"db": "XF",
"id": "18058",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "7108",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20041112 IPSWITCH-IMAIL-8.13 STACK OVERFLOW IN THE DELETE COMMAND",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-70993",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-70991",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16479",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "627",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "1151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83023",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82989",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-9950",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9950"
},
{
"db": "BID",
"id": "11675"
},
{
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"id": "VAR-200412-1061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9950"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:35:45.281000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/11675"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/13200"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18058"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=110037283803560\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/18058"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=110037283803560\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/7108"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im814.html"
},
{
"trust": 0.3,
"url": "/archive/1/381027"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=110037283803560\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9950"
},
{
"db": "BID",
"id": "11675"
},
{
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-9950"
},
{
"db": "BID",
"id": "11675"
},
{
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-9950"
},
{
"date": "2004-11-13T00:00:00",
"db": "BID",
"id": "11675"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"date": "2004-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9950"
},
{
"date": "2004-11-13T00:00:00",
"db": "BID",
"id": "11675"
},
{
"date": "2017-07-11T01:31:06.277000",
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IPSwitch IMail 8.13 Remotely DELETE Command buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "11675"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…