CVE-2006-5313

Опубликовано: 17 окт. 2006

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp_message parameter. NOTE: this crosses privilege boundaries if the SMTP server configuration prevents a user from establishing a direct SMTP session. NOTE: this is a different type of issue than CVE-2006-5262.

Ссылки

http://hastymail.sourceforge.net/security.php
Patch
http://secunia.com/advisories/22308
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/453417/100/0/threaded
http://www.securityfocus.com/bid/20424
Patch
http://www.vupen.com/english/advisories/2006/3956
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/29407
http://hastymail.sourceforge.net/security.php
Patch
http://secunia.com/advisories/22308
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/453417/100/0/threaded
http://www.securityfocus.com/bid/20424
Patch
http://www.vupen.com/english/advisories/2006/3956
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/29407

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hastymail:hastymail:*:*:*:*:*:*:*:*

Версия до 1.5 (включая)

cpe:2.3:a:hastymail:hastymail:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:hastymail:hastymail:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:hastymail:hastymail:1.1:*:*:*:*:*:*:*

cpe:2.3:a:hastymail:hastymail:1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.01023

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2006-5313

debian

около 19 лет назад

Hastymail 1.5 and earlier before 20061008 allows remote authenticated ...

GHSA-qgqm-rhx5-mcpm

github

больше 3 лет назад