CVE-2007-3275

high

Description

MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34925

http://www.vupen.com/english/advisories/2007/2239

http://www.securityfocus.com/bid/24507

http://sourceforge.net/project/shownotes.php?release_id=515127

http://secunia.com/advisories/25695

http://osvdb.org/37538

Details

Source: Mitre, NVD

Published: 2007-06-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00573