var-200512-0015
Vulnerability from variot
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. Successful exploitation will cause the affected server to crash, effectively denying service to legitimate users. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system. Ipswitch IMail IMAP List Command DoS Vulnerability
iDEFENSE Security Advisory 12.06.05 www.idefense.com/application/poi/display?id=347&type=vulnerabilities December 6, 2005
I. BACKGROUND
Ipswitch Imail Server is an email server that is part of the IpSwitch Collaboration suit. Imail Supports POP3, SMTP, IMAP and web based email access. More Information can be located on the vendor\x92s site at:
http://www.ipswitch.com/Products/collaboration/index.html
II.
The problem specifically exists in handling long arguments to the LIST command. When a LIST command of approximately 8000 bytes is supplied, internal string parsing routines can be manipulated in such a way as to reference non-allocated sections of memory. This parsing error results in an unhandled access violation, forcing the daemon to exit.
III. The LIST command is only available post authentication and therefore valid credentials are required to exploit this vulnerability.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Ipswitch IMail 8.2.
V. WORKAROUND
As this vulnerability is exploited after authentication occurs, ensuring that only trusted users have accounts can mitigate the risk somewhat. As a more effective workaround, consider limiting access to the IMAP server by filtering TCP port 143. If possible, consider disabling IMAP and forcing users to use POP3.
VI. VENDOR RESPONSE
Ipswitch Collaboration Suite 2.02 has been released to address this issue and is available for download at:
http://www.ipswitch.com/support/ics/updates/ics202.asp
IMail Server 8.22 Patch has been released to address this issue and is available for download at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-2923 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
09/08/2005 Initial vendor notification 09/13/2005 Initial vendor response 10/06/2005 Coordinated public disclosure
IX. CREDIT
Sebastian Apelt is credited with discovering this vulnerability.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright \xa9 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
1) A format string error exists in the SMTPD32 service when parsing arguments supplied to the "expn", "mail", "mail from", and "rcpt to" commands. This can be exploited to execute arbitrary code via specially crafted arguments sent to the affected commands.
The vulnerabilities have been reported in IMail Server version 8.20. Other versions prior to 8.22 may also be affected.
SOLUTION: Update to the fixed versions. http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
Ipswitch Collaboration Suite 2.0: Update to version 2.02. http://www.ipswitch.com/support/ics/updates/ics202.asp
PROVIDED AND/OR DISCOVERED BY: 1) Nico 2) Sebastian Apelt
ORIGINAL ADVISORY: http://www.idefense.com/application/poi/display?id=346&type=vulnerabilities http://www.idefense.com/application/poi/display?id=347&type=vulnerabilities
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0015",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "collaboration suite",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "2.01"
},
{
"model": "collaboration suite",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2.0"
},
{
"model": "imail server",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "8.20"
},
{
"model": "collaboration suite",
"scope": null,
"trust": 0.3,
"vendor": "ipswitch",
"version": null
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.20"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.2"
},
{
"model": "collaboration suite",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2.02"
},
{
"model": "imail",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
},
{
"model": "imail hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
}
],
"sources": [
{
"db": "BID",
"id": "15753"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
},
{
"db": "NVD",
"id": "CVE-2005-2923"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastian Apelt",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
],
"trust": 0.6
},
"cve": "CVE-2005-2923",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2005-2923",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-14132",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-2923",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-106",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-14132",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14132"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
},
{
"db": "NVD",
"id": "CVE-2005-2923"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. \nSuccessful exploitation will cause the affected server to crash, effectively denying service to legitimate users. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. Ipswitch IMail IMAP List Command DoS Vulnerability\n\niDEFENSE Security Advisory 12.06.05\nwww.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities\nDecember 6, 2005\n\nI. BACKGROUND\n\nIpswitch Imail Server is an email server that is part of the IpSwitch\nCollaboration suit. Imail Supports POP3, SMTP, IMAP and web based email\naccess. More Information can be located on the vendor\\x92s site at:\n\nhttp://www.ipswitch.com/Products/collaboration/index.html\n\nII. \n\nThe problem specifically exists in handling long arguments to the LIST\ncommand. When a LIST command of approximately 8000 bytes is supplied,\ninternal string parsing routines can be manipulated in such a way as to\nreference non-allocated sections of memory. This parsing error results\nin an unhandled access violation, forcing the daemon to exit. \n\nIII. The LIST command is only available\npost authentication and therefore valid credentials are required to\nexploit this vulnerability. \n\nIV. DETECTION\n\niDEFENSE has confirmed the existence of this vulnerability in Ipswitch\nIMail 8.2. \n\nV. WORKAROUND\n\nAs this vulnerability is exploited after authentication occurs, ensuring\nthat only trusted users have accounts can mitigate the risk somewhat. As\na more effective workaround, consider limiting access to the IMAP server\nby filtering TCP port 143. If possible, consider disabling IMAP and\nforcing users to use POP3. \n\nVI. VENDOR RESPONSE\n\nIpswitch Collaboration Suite 2.02 has been released to address this\nissue and is available for download at:\n\nhttp://www.ipswitch.com/support/ics/updates/ics202.asp\n\nIMail Server 8.22 Patch has been released to address this issue and is\navailable for download at:\n\nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-2923 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n09/08/2005 Initial vendor notification\n09/13/2005 Initial vendor response\n10/06/2005 Coordinated public disclosure\n\nIX. CREDIT\n\nSebastian Apelt is credited with discovering this vulnerability. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n1) A format string error exists in the SMTPD32 service when parsing\narguments supplied to the \"expn\", \"mail\", \"mail from\", and \"rcpt to\"\ncommands. This can be exploited to execute arbitrary code via\nspecially crafted arguments sent to the affected commands. \n\nThe vulnerabilities have been reported in IMail Server version 8.20. \nOther versions prior to 8.22 may also be affected. \n\nSOLUTION:\nUpdate to the fixed versions. \nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp\n\nIpswitch Collaboration Suite 2.0:\nUpdate to version 2.02. \nhttp://www.ipswitch.com/support/ics/updates/ics202.asp\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Nico\n2) Sebastian Apelt\n\nORIGINAL ADVISORY:\nhttp://www.idefense.com/application/poi/display?id=346\u0026type=vulnerabilities\nhttp://www.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2923"
},
{
"db": "BID",
"id": "15753"
},
{
"db": "VULHUB",
"id": "VHN-14132"
},
{
"db": "PACKETSTORM",
"id": "42191"
},
{
"db": "PACKETSTORM",
"id": "42134"
}
],
"trust": 1.44
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-14132",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14132"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-2923",
"trust": 2.1
},
{
"db": "BID",
"id": "15753",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "17863",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1015318",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2005-2782",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20051206 IPSWITCH IMAIL IMAP LIST COMMAND DOS VULNERABILITY",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "42191",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-14132",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "42134",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14132"
},
{
"db": "BID",
"id": "15753"
},
{
"db": "PACKETSTORM",
"id": "42191"
},
{
"db": "PACKETSTORM",
"id": "42134"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
},
{
"db": "NVD",
"id": "CVE-2005-2923"
}
]
},
"id": "VAR-200512-0015",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14132"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:10:23.332000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14132"
},
{
"db": "NVD",
"id": "CVE-2005-2923"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15753"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015318"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17863"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2005/2782"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2005/2782"
},
{
"trust": 0.3,
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?type=vulnerabilities\u0026id=347"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.2,
"url": "http://www.ipswitch.com/support/ics/updates/ics202.asp"
},
{
"trust": 0.2,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=347\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2923"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/products/collaboration/index.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=346\u0026type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3048/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17863/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5167/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14132"
},
{
"db": "BID",
"id": "15753"
},
{
"db": "PACKETSTORM",
"id": "42191"
},
{
"db": "PACKETSTORM",
"id": "42134"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
},
{
"db": "NVD",
"id": "CVE-2005-2923"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14132"
},
{
"db": "BID",
"id": "15753"
},
{
"db": "PACKETSTORM",
"id": "42191"
},
{
"db": "PACKETSTORM",
"id": "42134"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
},
{
"db": "NVD",
"id": "CVE-2005-2923"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-14132"
},
{
"date": "2005-12-06T00:00:00",
"db": "BID",
"id": "15753"
},
{
"date": "2005-12-09T16:47:24",
"db": "PACKETSTORM",
"id": "42191"
},
{
"date": "2005-12-07T17:36:35",
"db": "PACKETSTORM",
"id": "42134"
},
{
"date": "2005-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-106"
},
{
"date": "2005-12-07T01:03:00",
"db": "NVD",
"id": "CVE-2005-2923"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-14132"
},
{
"date": "2009-07-12T17:56:00",
"db": "BID",
"id": "15753"
},
{
"date": "2005-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-106"
},
{
"date": "2024-11-21T00:00:43.790000",
"db": "NVD",
"id": "CVE-2005-2923"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "42191"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail IMAP LIST Command Remote Denial of Service Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.