CVE-2005-0315

high

Description

The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/19115

http://www.securityfocus.com/bid/12388

http://securitytracker.com/id?1013017

http://secunia.com/advisories/14053

http://marc.info/?l=bugtraq&m=110685011825461&w=2

Details

Source: Mitre, NVD

Published: 2005-01-27

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00365