Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-2784

Опубликовано: 19 июн. 2008
Источник: nvd
CVSS2: 6.4
EPSS Низкий

Описание

The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:spamdyke:spamdyke:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:spamdyke:spamdyke:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:spamdyke:spamdyke:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:spamdyke:spamdyke:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:spamdyke:spamdyke:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:spamdyke:spamdyke:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:spamdyke:spamdyke:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:spamdyke:spamdyke:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:spamdyke:spamdyke:3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:spamdyke:spamdyke:3.1.7:*:*:*:*:*:*:*

EPSS

Процентиль: 68%
0.00585
Низкий

6.4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-23c2-5fj7-4rv3

github
больше 3 лет назад

The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.

EPSS

Процентиль: 68%
0.00585
Низкий

6.4 Medium

CVSS2

Дефекты

CWE-264