CVE-2004-0332

Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=107783767517850&w=2
http://www.securityfocus.com/bid/9754	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15329

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:extremail:extremail:1.0:::::::*
	cpe:2.3:a:extremail:extremail:1.0.1:::::::*
	cpe:2.3:a:extremail:extremail:1.0.2:::::::*
	cpe:2.3:a:extremail:extremail:1.0.3:::::::*
	cpe:2.3:a:extremail:extremail:1.1:::::::*
	cpe:2.3:a:extremail:extremail:1.1.1:::::::*
	cpe:2.3:a:extremail:extremail:1.1.2:::::::*
	cpe:2.3:a:extremail:extremail:1.1.3:::::::*
	cpe:2.3:a:extremail:extremail:1.1.4:::::::*
	cpe:2.3:a:extremail:extremail:1.1.5:::::::*
	cpe:2.3:a:extremail:extremail:1.1.6:::::::*
	cpe:2.3:a:extremail:extremail:1.1.7:::::::*
	cpe:2.3:a:extremail:extremail:1.1.8:::::::*
	cpe:2.3:a:extremail:extremail:1.1.9:::::::*
	cpe:2.3:a:extremail:extremail:1.1.10:::::::*
	cpe:2.3:a:extremail:extremail:1.5:::::::*
	cpe:2.3:a:extremail:extremail:1.5.5:::::::*
	cpe:2.3:a:extremail:extremail:1.5.8:::::::*
	cpe:2.3:a:extremail:extremail:1.5.9:::::::*

History

No history.

Information

Published : 2004-11-23 05:00

Updated : 2017-07-11 01:30

NVD link : CVE-2004-0332

Mitre link : CVE-2004-0332

CVE.ORG link : CVE-2004-0332

JSON object : View

Products Affected

extremail

extremail

CWE

NVD-CWE-Other

{"id": "CVE-2004-0332", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-11-23T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=107783767517850&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/9754", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15329", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges."}], "lastModified": "2017-07-11T01:30:04.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:extremail:extremail:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72FC40F9-E186-43CA-8C85-EA91A8E91ED1"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F395FF0F-8CD2-4653-9C27-5329A37DCC40"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37AD1A31-7763-4540-9785-FDC168D7E62E"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20BDB6DF-6570-4AB1-8ACF-D2262C767EFD"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24C2B718-0D43-4305-9937-705696B6BEFC"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C48091F8-7F0D-4FA6-9FC4-2DCC121B368E"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E60F2FCF-E439-4321-ABE3-21DAC3ABED3E"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F168C99-99C5-4039-A6EB-15D2D094CBA3"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD5059DA-D66C-43F5-9DF0-5E9728AB8F22"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10300F83-95C3-4FAB-8918-B72E4AB1B2FF"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0D80F5F-767D-4E01-84BE-3F8418189819"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEF46411-F100-40B5-A021-09A5292B45F5"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B40D6E2-4B84-49D6-AC75-E1FBA9E607B1"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10617FD8-536F-4CA8-996D-7B8746822EF1"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA626C56-249A-4A9C-AC53-1DFEEDD9E68F"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0348B02A-ED79-472C-BF1C-095D23049099"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28F522C4-309C-49DF-B355-D51984ED21FF"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C97F601A-7259-4B7C-B9F2-A4BA4BB343ED"}, {"criteria": "cpe:2.3:a:extremail:extremail:1.5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4C05AA5-4346-4F03-B875-7A010A53B4E9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}