Details of VAR-200011-0041

ID

VAR-200011-0041

CVE

CVE-2000-0825

TITLE

Ipswitch IMail Web service" HOST Denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200011-049

DESCRIPTION

Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash. IPSwitch IMail is an e-mail server which provides WWW (HTTP) E-mail services. By default this web service resides on port 8181 or 8383. Sending an HTTP request with an extremely long "HOST" field multiple times can cause the system hosting the service to become unresponsive. Each long request "kills" a thread without freeing up the memory used by it. By repeating this request, the system's resources can be used up completely. Ipswitch Imail 6.0 is vulnerable

Trust: 1.26

sources: NVD: CVE-2000-0825 // BID: 2011 // VULHUB: VHN-2395

AFFECTED PRODUCTS

vendor:	ipswitch	model:	imail	scope:	eq	version:	6.00	Trust: 1.6
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 2011 // CNNVD: CNNVD-200011-049 // NVD: CVE-2000-0825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-0825
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200011-049
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-2395
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2000-0825
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-2395
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-2395 // CNNVD: CNNVD-200011-049 // NVD: CVE-2000-0825

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0825

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200011-049

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 2011 // CNNVD: CNNVD-200011-049

EXTERNAL IDS

db:	BID	id:	2011	Trust: 2.0
db:	NVD	id:	CVE-2000-0825	Trust: 1.7
db:	CNNVD	id:	CNNVD-200011-049	Trust: 0.7
db:	BUGTRAQ	id:	20000817 IMAIL WEB SERVICE REMOTE DOS ATTACK V.2	Trust: 0.6
db:	XF	id:	5475	Trust: 0.6
db:	NTBUGTRAQ	id:	20000817 IMAIL WEB SERVICE REMOTE DOS ATTACK V.2	Trust: 0.6
db:	WIN2KSEC	id:	20000817 IMAIL WEB SERVICE REMOTE DOS ATTACK V.2	Trust: 0.6
db:	VULHUB	id:	VHN-2395	Trust: 0.1

sources: VULHUB: VHN-2395 // BID: 2011 // CNNVD: CNNVD-200011-049 // NVD: CVE-2000-0825

REFERENCES

url:	http://www.securityfocus.com/bid/2011	Trust: 1.7
url:	http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=96659012127444&w=2	Trust: 1.1
url:	http://marc.info/?l=ntbugtraq&m=96654521004571&w=2	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/5475	Trust: 1.1
url:	http://xforce.iss.net/static/5475.php	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=ntbugtraq&m=96654521004571&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=96659012127444&w=2	Trust: 0.6
url:	http://www.ipswitch.com/support/imail/patch-upgrades.html	Trust: 0.3

sources: VULHUB: VHN-2395 // BID: 2011 // CNNVD: CNNVD-200011-049 // NVD: CVE-2000-0825

CREDITS

This vulnerability was revealed in an eEye advisory (#AD20000817) dated August 17, 2000.

Trust: 0.9

sources: BID: 2011 // CNNVD: CNNVD-200011-049

SOURCES

db:	VULHUB	id:	VHN-2395
db:	BID	id:	2011
db:	CNNVD	id:	CNNVD-200011-049
db:	NVD	id:	CVE-2000-0825

LAST UPDATE DATE

2024-08-14T14:36:03.582000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-2395	date:	2017-10-10T00:00:00
db:	BID	id:	2011	date:	2000-08-17T00:00:00
db:	CNNVD	id:	CNNVD-200011-049	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2000-0825	date:	2017-10-10T01:29:19.077

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-2395	date:	2000-11-14T00:00:00
db:	BID	id:	2011	date:	2000-08-17T00:00:00
db:	CNNVD	id:	CNNVD-200011-049	date:	2000-11-14T00:00:00
db:	NVD	id:	CVE-2000-0825	date:	2000-11-14T05:00:00