Vulnerability Description
The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Network Associates | Webshield | 4.5.44 |
References
- http://www.osvdb.org/326
- http://www.securityfocus.com/bid/1253
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD4118
- http://www.osvdb.org/326
- http://www.securityfocus.com/bid/1253
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD4118
FAQ
What is CVE-2000-0448?
CVE-2000-0448 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access th...
How severe is CVE-2000-0448?
CVE-2000-0448 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0448?
Check the references section above for vendor advisories and patch information. Affected products include: Network Associates Webshield.