Vulnerability Description
The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clavister | Clavister Coreplus | <= 8.80.03 |
References
- http://osvdb.org/37974
- http://secunia.com/advisories/25957Vendor Advisory
- http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf
- http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35371
- http://osvdb.org/37974
- http://secunia.com/advisories/25957Vendor Advisory
- http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf
- http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35371
FAQ
What is CVE-2007-3803?
CVE-2007-3803 is a vulnerability with a CVSS score of 10.0 (HIGH). The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists.
How severe is CVE-2007-3803?
CVE-2007-3803 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3803?
Check the references section above for vendor advisories and patch information. Affected products include: Clavister Clavister Coreplus.