CVE-2006-6997

Current Description

Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792.

Basic Data

Published: February 12, 2007
Last Modified: September 05, 2008
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-287
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
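    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Mailenable | Mailenable Enterprise | 1.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Enterprise | 1.00 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Enterprise | 1.01 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Enterprise | 1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Enterprise | 1.02 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Enterprise | 1.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Enterprise | 1.03 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Enterprise | 1.04 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Standard | 1.71 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Standard | 1.72 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Standard | 1.701 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Standard | 1.702 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Standard | 1.703 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mailenable | Mailenable Standard | 1.704 | * | * | * | * | * | * | * | | | | |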

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Mailenable | Mailenable Enterprise | 1.0, 1.00, 1.01, 1.02, 1.03, 1.04, 1.1, 1.2 |
| Mailenable | Mailenable Standard | 1.701, 1.702, 1.703, 1.704, 1.71, 1.72 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 20060320 [MU-200603-01] MailEnable POP3 Pre-Authentication Buffer Overflow | FULLDISC | http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1359.html | Vendor Advisory |
| http://www.mailenable.com/enterprisehistory.asp | CONFIRM | http://www.mailenable.com/enterprisehistory.asp | Vendor Advisory |
| http://www.mailenable.com/professionalhistory.asp | CONFIRM | http://www.mailenable.com/professionalhistory.asp | Vendor Advisory |
| http://www.mailenable.com/standardhistory.asp | CONFIRM | http://www.mailenable.com/standardhistory.asp | Vendor Advisory |