CVE-2007-3275 - Vulnerability Details - OpenCVE

MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00612.

Key SSVC decision points have not yet been added.

Vendors	Products
Mailwasher	Mailwasher Server

Configuration 1 [-]

cpe:2.3:a:mailwasher:mailwasher_server:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2007-3265	MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/37538
http://secunia.com/advisories/25695
http://sourceforge.net/project/shownotes.php?release_id=515127
http://www.securityfocus.com/bid/24507
http://www.vupen.com/english/advisories/2007/2239
https://exchange.xforce.ibmcloud.com/vulnerabilities/34925

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-19T21:00:00

Updated: 2024-08-07T14:14:12.426Z

Reserved: 2007-06-19T00:00:00

Link: CVE-2007-3275

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-06-19T21:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-3275

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-18T00:00:00", "descriptions": [{"lang": "en", "value": "MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25695", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25695"}, {"name": "37538", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37538"}, {"name": "ADV-2007-2239", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2239"}, {"name": "mailwasher-logincheck-unauthorized-access(34925)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34925"}, {"name": "24507", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24507"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=515127"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3275", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25695", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25695"}, {"name": "37538", "refsource": "OSVDB", "url": "http://osvdb.org/37538"}, {"name": "ADV-2007-2239", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2239"}, {"name": "mailwasher-logincheck-unauthorized-access(34925)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34925"}, {"name": "24507", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24507"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=515127", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=515127"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:14:12.426Z"}, "title": "CVE Program Container", "references": [{"name": "25695", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25695"}, {"name": "37538", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37538"}, {"name": "ADV-2007-2239", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2239"}, {"name": "mailwasher-logincheck-unauthorized-access(34925)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34925"}, {"name": "24507", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24507"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=515127"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3275", "datePublished": "2007-06-19T21:00:00", "dateReserved": "2007-06-19T00:00:00", "dateUpdated": "2024-08-07T14:14:12.426Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mailwasher:mailwasher_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D77B45EB-7ABD-45C7-9FA5-A011F351272B", "versionEndIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "MailWasher Server versiones anteriores a 2.2.1, cuando es usado con LDAP o Active Directory (AD), no maneja apropiadamente las contrase\u00f1as en blanco, lo que permite a atacantes remotos acceder a una cuenta de usuario arbitraria y leer los mensajes de correo electr\u00f3nico de tipo spam almacenados posiblemente relacionados con la funci\u00f3n LoginCheck::doPost en el archivo mwi/servlet/Login.cpp. NOTA: algunos de estos datos son obtenidos a partir de informaci\u00f3n de terceros."}], "evaluatorImpact": "Successful exploitation requires knowledge of a valid username and that MailWasher Server is integrated into an AD domain or LDAP repository.", "id": "CVE-2007-3275", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-19T21:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37538"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25695"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=515127"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24507"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2239"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34925"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37538"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25695"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=515127"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24507"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2239"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34925"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}