Details of VAR-200210-0230

ID

VAR-200210-0230

CVE

CVE-2002-1077

TITLE

IPSwitch IMail Web Calendar Incomplete Mail Service Rejection Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-198

DESCRIPTION

IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field. IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. It has been reported that such a transaction with the service results in a crash of the iwebcal service

Trust: 1.26

sources: NVD: CVE-2002-1077 // BID: 5365 // VULHUB: VHN-5465

AFFECTED PRODUCTS

vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.7	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.6	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.5	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.4	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.3	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.2	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.1	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.4	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.3	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.1	Trust: 1.6
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.2	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.1	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.6	Trust: 0.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 5365 // CNNVD: CNNVD-200210-198 // NVD: CVE-2002-1077

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1077
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200210-198
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5465
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1077
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5465
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5465 // CNNVD: CNNVD-200210-198 // NVD: CVE-2002-1077

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1077

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-198

TYPE

Design Error

Trust: 0.9

sources: BID: 5365 // CNNVD: CNNVD-200210-198

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5465

EXTERNAL IDS

db:	BID	id:	5365	Trust: 2.0
db:	NVD	id:	CVE-2002-1077	Trust: 2.0
db:	CNNVD	id:	CNNVD-200210-198	Trust: 0.7
db:	XF	id:	9722	Trust: 0.6
db:	BUGTRAQ	id:	20020730 IPSWITCH IMAIL ADVISORY #2	Trust: 0.6
db:	EXPLOIT-DB	id:	21673	Trust: 0.1
db:	SEEBUG	id:	SSVID-75496	Trust: 0.1
db:	VULHUB	id:	VHN-5465	Trust: 0.1

sources: VULHUB: VHN-5465 // BID: 5365 // CNNVD: CNNVD-200210-198 // NVD: CVE-2002-1077

REFERENCES

url:	http://www.securityfocus.com/bid/5365	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/9722.php	Trust: 1.7
url:	http://www.ipswitch.com/support/imail/patch-upgrades.html	Trust: 0.3

sources: VULHUB: VHN-5465 // BID: 5365 // CNNVD: CNNVD-200210-198 // NVD: CVE-2002-1077

CREDITS

Vulnerability discovery credited to <2c79cbe14ac7d0b8472d3f129fa1df55@hush.com>.

Trust: 0.9

sources: BID: 5365 // CNNVD: CNNVD-200210-198

SOURCES

db:	VULHUB	id:	VHN-5465
db:	BID	id:	5365
db:	CNNVD	id:	CNNVD-200210-198
db:	NVD	id:	CVE-2002-1077

LAST UPDATE DATE

2024-08-14T15:20:20.205000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5465	date:	2008-09-05T00:00:00
db:	BID	id:	5365	date:	2009-07-11T14:56:00
db:	CNNVD	id:	CNNVD-200210-198	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1077	date:	2008-09-05T20:29:43.113

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5465	date:	2002-10-04T00:00:00
db:	BID	id:	5365	date:	2002-07-30T00:00:00
db:	CNNVD	id:	CNNVD-200210-198	date:	2002-10-04T00:00:00
db:	NVD	id:	CVE-2002-1077	date:	2002-10-04T04:00:00