PT-2004-3478 · Smartertools · Smartermail
Publicado
2004-12-31
·
Atualizado
2017-07-11
·
CVE-2004-2587
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
SmarterTools SmarterMail versions 1.6.1511 through 1.6.1529
Description
The issue allows remote attackers to cause a denial of service, possibly due to a buffer overflow, by exploiting the
txtusername parameter in the "login.aspx" endpoint.Recommendations
For versions 1.6.1511 through 1.6.1529, consider restricting access to the "login.aspx" endpoint to minimize the risk of exploitation. Avoid using long values for the
txtusername parameter until the issue is resolved.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Smartermail