Vulnerability Description
MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mailwasher | Mailwasher Server | <= 2.2.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/37538
- http://secunia.com/advisories/25695PatchVendor Advisory
- http://sourceforge.net/project/shownotes.php?release_id=515127
- http://www.securityfocus.com/bid/24507
- http://www.vupen.com/english/advisories/2007/2239Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34925
- http://osvdb.org/37538
- http://secunia.com/advisories/25695PatchVendor Advisory
- http://sourceforge.net/project/shownotes.php?release_id=515127
- http://www.securityfocus.com/bid/24507
- http://www.vupen.com/english/advisories/2007/2239Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34925
FAQ
What is CVE-2007-3275?
CVE-2007-3275 is a vulnerability with a CVSS score of 7.1 (HIGH). MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the s...
How severe is CVE-2007-3275?
CVE-2007-3275 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3275?
Check the references section above for vendor advisories and patch information. Affected products include: Mailwasher Mailwasher Server.