{ "id": "CVE-2007-6714", "sourceIdentifier": "cve@mitre.org", "published": "2008-04-17T22:05:00.000", "lastModified": "2024-11-21T00:40:49.747", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication." }, { "lang": "es", "value": "DBMail anterior a 2.2.9, cuando usa authldap con un servidor LDAP que soporta validaci\u00f3n (login) an\u00f3nima como en Active Directory, permite a atacantes remotos evitar la autenticaci\u00f3n con una contrase\u00f1a vac\u00eda, esto provoca que LDAP muestre un acceso v\u00e1lido bas\u00e1ndose en la autenticaci\u00f3n an\u00f3nima." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "baseScore": 6.8, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-287" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "FA4DB4CD-B262-4247-BD2E-F092BA6537BE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "A2580139-D5DB-4B4D-B6E7-F0957D4EE5FA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "F2FD1538-8288-4156-A181-BA077CED44A8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "D65C8E14-7FB2-41E5-8C74-5509D2FC4AB9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "E76AF034-85D5-40F3-8C5B-85DBCCDF4E5A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "10D91F87-6055-4186-855E-0BC198C0FF31" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:rc4:*:*:*:*:*:*", "matchCriteriaId": "51B8C537-0501-413B-8BE1-35D8845194B2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "604DBA7B-4C2A-425E-B243-677C0F3AB6C7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "7839DDA0-A977-4AE4-B1D4-28D0472E8EB0" } ] } ] } ], "references": [ { "url": "http://dbmail.org/index.php?page=news&id=44", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://osvdb.org/44561", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/29903", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/29937", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/29984", "source": "cve@mitre.org" }, { "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml", "source": "cve@mitre.org" }, { "url": "http://www.mail-archive.com/dbmail-dev%40dbmail.org/msg09942.html", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/28849", "source": "cve@mitre.org" }, { "url": "http://www.securitytracker.com/id?1019914", "source": "cve@mitre.org" }, { "url": "http://www.vupen.com/english/advisories/2008/1321/references", "source": "cve@mitre.org" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41907", "source": "cve@mitre.org" }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html", "source": "cve@mitre.org" }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html", "source": "cve@mitre.org" }, { "url": "http://dbmail.org/index.php?page=news&id=44", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "http://osvdb.org/44561", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/29903", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/29937", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/29984", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.mail-archive.com/dbmail-dev%40dbmail.org/msg09942.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/bid/28849", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securitytracker.com/id?1019914", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.vupen.com/english/advisories/2008/1321/references", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41907", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }