Ability Mail Server < 2.61 Multiple Vulnerabilities

Medium severity, Nessus Network Monitor Plugin ID 4292

Synopsis

The remote mail server is affected by multiple denial of service vulnerabilities.

Description

The remote host appears to be running Ability POP3 Server. According to its banner, the installed version of Ability Mail Server is affected by two issues that could cause the application to crash. One involves messages that are changed to a blank string; the other concerns IMAP4 commands with malformed number list ranges. It is not currently known whether either or both issues can be exploited without authentication.

Solution

Upgrade to version 2.61 or higher.

See Also

http://www.code-crafters.com/abilitymailserver/updatelog.html

Plugin Details

Severity: Medium

ID: 4292

Family: POP Server

Published: 11/21/2007

Updated: 3/6/2019

Nessus ID: 28289

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:code-crafters:ability_mail_server

Reference Information

CVE: CVE-2007-6101

BID: 26514