CVE-2005-0315
Published Jan 27, 2005
Last updated 7 years ago
Overview
- Description
- The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amax_information_technologies:magic_winmail_server:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "661FB8A8-F851-44B8-90C4-4636A2C0AED3"
}
],
"operator": "OR"
}
]
}
]