Vulnerability Description
Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | All Windows | All versions |
| Clearswift Limited | Mailsweeper | 4.3.6_sp1 |
References
- http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.h
- http://www.securityfocus.com/bid/7226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11745
- http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.h
- http://www.securityfocus.com/bid/7226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11745
FAQ
What is CVE-2003-1330?
CVE-2003-1330 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAI...
How severe is CVE-2003-1330?
CVE-2003-1330 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1330?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft All Windows, Clearswift Limited Mailsweeper.