CVE-2005-3182

Published Oct 20, 2005

Last updated 8 years ago

Overview

Description: Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gfi:mailsecurity:8.1:*:exchange_smtp:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B9C96A8-9760-42E7-A773-2DC4482D2A34"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References