Vulnerabilites related to clearswift - mimesweeper_for_web
cve-2005-4526
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
Severity ?
EPSS score ?
Summary
Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/23867 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/419904/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.digitalarmaments.com/2005161283546323.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/15982/ | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mimesweeper-attachment-filter-bypass(23867)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23867"
},
{
"name": "20051220 Digital Armaments Security Advisory 12.20.2005: WEBsweeper/MIMEsweeper Executable File Content Check bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419904/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalarmaments.com/2005161283546323.html"
},
{
"name": "15982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15982/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mimesweeper-attachment-filter-bypass(23867)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23867"
},
{
"name": "20051220 Digital Armaments Security Advisory 12.20.2005: WEBsweeper/MIMEsweeper Executable File Content Check bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419904/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalarmaments.com/2005161283546323.html"
},
{
"name": "15982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15982/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mimesweeper-attachment-filter-bypass(23867)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23867"
},
{
"name": "20051220 Digital Armaments Security Advisory 12.20.2005: WEBsweeper/MIMEsweeper Executable File Content Check bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419904/100/0/threaded"
},
{
"name": "http://www.digitalarmaments.com/2005161283546323.html",
"refsource": "MISC",
"url": "http://www.digitalarmaments.com/2005161283546323.html"
},
{
"name": "15982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15982/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4526",
"datePublished": "2005-12-28T01:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2703
Vulnerability from cvelistv5
Published
2007-10-06 21:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted".
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18035 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/11669 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/13160 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/11602 | vdb-entry, x_refsource_OSVDB | |
| http://download.mimesweeper.com/www/TechnicalDocumentation/MSWSMTP505UpdateReadMe.htm | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mimesweeper-smtp-scan-bypass(18035)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18035"
},
{
"name": "11669",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11669"
},
{
"name": "13160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13160"
},
{
"name": "11602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11602"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/MSWSMTP505UpdateReadMe.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as \"Clean\" instead of \"Encrypted\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mimesweeper-smtp-scan-bypass(18035)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18035"
},
{
"name": "11669",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11669"
},
{
"name": "13160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13160"
},
{
"name": "11602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11602"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/MSWSMTP505UpdateReadMe.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as \"Clean\" instead of \"Encrypted\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mimesweeper-smtp-scan-bypass(18035)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18035"
},
{
"name": "11669",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11669"
},
{
"name": "13160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13160"
},
{
"name": "11602",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11602"
},
{
"name": "http://download.mimesweeper.com/www/TechnicalDocumentation/MSWSMTP505UpdateReadMe.htm",
"refsource": "CONFIRM",
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/MSWSMTP505UpdateReadMe.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2703",
"datePublished": "2007-10-06T21:00:00",
"dateReserved": "2007-10-06T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3523
Vulnerability from cvelistv5
Published
2006-07-12 00:00
Modified
2024-08-07 18:30
Severity ?
EPSS score ?
Summary
Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27643 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/20998 | third-party-advisory, x_refsource_SECUNIA | |
| http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/2731 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mimesweeper-web-policy-dos(27643)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27643"
},
{
"name": "20998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20998"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm"
},
{
"name": "ADV-2006-2731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2731"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mimesweeper-web-policy-dos(27643)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27643"
},
{
"name": "20998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20998"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm"
},
{
"name": "ADV-2006-2731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2731"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mimesweeper-web-policy-dos(27643)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27643"
},
{
"name": "20998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20998"
},
{
"name": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm",
"refsource": "CONFIRM",
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm"
},
{
"name": "ADV-2006-2731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2731"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3523",
"datePublished": "2006-07-12T00:00:00",
"dateReserved": "2006-07-11T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1715
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/10918 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=109225567212978&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.nl/0408-exploits/clearswift.txt | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=109224211512029&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/12273 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16960 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10918",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10918"
},
{
"name": "20040811 Re: Clearswift Mimesweeper Path Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109225567212978\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.nl/0408-exploits/clearswift.txt"
},
{
"name": "20040811 Clearswift Mimesweeper Path Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109224211512029\u0026w=2"
},
{
"name": "12273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12273"
},
{
"name": "mimesweeper-directory-traversal(16960)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16960"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via \"..\\\\\", \"..\\\", and similar dot dot sequences in the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10918",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10918"
},
{
"name": "20040811 Re: Clearswift Mimesweeper Path Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109225567212978\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.nl/0408-exploits/clearswift.txt"
},
{
"name": "20040811 Clearswift Mimesweeper Path Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109224211512029\u0026w=2"
},
{
"name": "12273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12273"
},
{
"name": "mimesweeper-directory-traversal(16960)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16960"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via \"..\\\\\", \"..\\\", and similar dot dot sequences in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10918"
},
{
"name": "20040811 Re: Clearswift Mimesweeper Path Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109225567212978\u0026w=2"
},
{
"name": "http://packetstormsecurity.nl/0408-exploits/clearswift.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.nl/0408-exploits/clearswift.txt"
},
{
"name": "20040811 Clearswift Mimesweeper Path Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109224211512029\u0026w=2"
},
{
"name": "12273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12273"
},
{
"name": "mimesweeper-directory-traversal(16960)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16960"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1715",
"datePublished": "2005-02-26T05:00:00",
"dateReserved": "2005-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3522
Vulnerability from cvelistv5
Published
2006-07-12 00:00
Modified
2024-08-07 18:30
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1016454 | vdb-entry, x_refsource_SECTRACK | |
| http://marc.info/?l=full-disclosure&m=115253320721404&w=2 | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27642 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=full-disclosure&m=115249298204354&w=2 | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/20998 | third-party-advisory, x_refsource_SECUNIA | |
| http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/440140/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2006/2731 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/18916 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/439641/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=full-disclosure&m=115253898206225&w=2 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016454"
},
{
"name": "20060710 Re: MIMESweeper For Web 5.X Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115253320721404\u0026w=2"
},
{
"name": "mimesweeper-error-xss(27642)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27642"
},
{
"name": "20060710 MIMESweeper For Web 5.X Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115249298204354\u0026w=2"
},
{
"name": "20998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20998"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm"
},
{
"name": "20060711 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440140/100/0/threaded"
},
{
"name": "ADV-2006-2731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2731"
},
{
"name": "18916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18916"
},
{
"name": "20060710 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439641/100/0/threaded"
},
{
"name": "20060710 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115253898206225\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016454"
},
{
"name": "20060710 Re: MIMESweeper For Web 5.X Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115253320721404\u0026w=2"
},
{
"name": "mimesweeper-error-xss(27642)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27642"
},
{
"name": "20060710 MIMESweeper For Web 5.X Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115249298204354\u0026w=2"
},
{
"name": "20998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20998"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm"
},
{
"name": "20060711 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440140/100/0/threaded"
},
{
"name": "ADV-2006-2731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2731"
},
{
"name": "18916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18916"
},
{
"name": "20060710 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439641/100/0/threaded"
},
{
"name": "20060710 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115253898206225\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016454",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016454"
},
{
"name": "20060710 Re: MIMESweeper For Web 5.X Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115253320721404\u0026w=2"
},
{
"name": "mimesweeper-error-xss(27642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27642"
},
{
"name": "20060710 MIMESweeper For Web 5.X Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115249298204354\u0026w=2"
},
{
"name": "20998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20998"
},
{
"name": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm",
"refsource": "CONFIRM",
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm"
},
{
"name": "20060711 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440140/100/0/threaded"
},
{
"name": "ADV-2006-2731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2731"
},
{
"name": "18916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18916"
},
{
"name": "20060710 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439641/100/0/threaded"
},
{
"name": "20060710 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115253898206225\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3522",
"datePublished": "2006-07-12T00:00:00",
"dateReserved": "2006-07-11T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2004-08-11 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clearswift | mimesweeper_for_web | 4.0 | |
| clearswift | mimesweeper_for_web | 5.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clearswift:mimesweeper_for_web:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "947EF78C-0E17-4C8E-AD28-F0534A20107F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clearswift:mimesweeper_for_web:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EAB5F2-58E0-4D58-9888-3AC2CEB0F580",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via \"..\\\\\", \"..\\\", and similar dot dot sequences in the URL."
}
],
"evaluatorSolution": "This was fixed in MIMEsweeper for Web v5.0.4.",
"id": "CVE-2004-1715",
"lastModified": "2024-11-20T23:51:34.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109224211512029\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109225567212978\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://packetstormsecurity.nl/0408-exploits/clearswift.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12273"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10918"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109224211512029\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109225567212978\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://packetstormsecurity.nl/0408-exploits/clearswift.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16960"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-12 00:05
Modified
2024-11-21 00:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clearswift | mimesweeper_for_web | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clearswift:mimesweeper_for_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4870A9-1C01-49EC-B18D-EAD828FF5A48",
"versionEndIncluding": "5.1.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Clearswift MIMEsweeper for Web versiones anteriores a 5.1.15 Hotfix, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de la URL, se ve reflejado en un mensaje de error cuando se intenta acceder a un sitio web bloqueado."
}
],
"id": "CVE-2006-3522",
"lastModified": "2024-11-21T00:13:48.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-12T00:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=115249298204354\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=115253320721404\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=115253898206225\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20998"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016454"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/439641/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/440140/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18916"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2731"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=115249298204354\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=115253320721404\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=115253898206225\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/439641/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/440140/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27642"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clearswift | mailsweeper_business_suite_i | * | |
| clearswift | mailsweeper_business_suite_ii | * | |
| clearswift | mailsweeper_for_smtp | 4.3 | |
| clearswift | mimesweeper_for_web | 5.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clearswift:mailsweeper_business_suite_i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22D367E0-7BBF-4069-8BAF-22354D126362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clearswift:mailsweeper_business_suite_ii:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F701A23-4D0E-40D2-8CE9-3529346065F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clearswift:mailsweeper_for_smtp:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11667D6A-A1BA-4FF4-BE5F-194A743167FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clearswift:mimesweeper_for_web:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D98B72C-99E5-4980-8305-EF40C469C33F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as \"Clean\" instead of \"Encrypted\"."
}
],
"id": "CVE-2004-2703",
"lastModified": "2024-11-20T23:54:01.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/MSWSMTP505UpdateReadMe.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13160"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/11602"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11669"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/MSWSMTP505UpdateReadMe.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/11602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18035"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-12 00:05
Modified
2024-11-21 00:13
Severity ?
Summary
Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clearswift | mimesweeper_for_web | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clearswift:mimesweeper_for_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4870A9-1C01-49EC-B18D-EAD828FF5A48",
"versionEndIncluding": "5.1.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate."
},
{
"lang": "es",
"value": "Clearswift MIMEsweeper para Web antes de 5.1.15 Hotfix permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo .RAR encriptado archivado, lo que dispara un error de escaneado y provoca que termine el servicio de Web Policy Engine (Motor de Pol\u00edtica Web)."
}
],
"id": "CVE-2006-3523",
"lastModified": "2024-11-21T00:13:48.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-12T00:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/20998"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2731"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/20998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27643"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2024-11-21 00:04
Severity ?
Summary
Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clearswift | mimesweeper_for_web | 4.0 | |
| clearswift | mimesweeper_for_web | 5.0.1 | |
| clearswift | mimesweeper_for_web | 5.0.2 | |
| clearswift | mimesweeper_for_web | 5.0.3 | |
| clearswift | mimesweeper_for_web | 5.0.4 | |
| clearswift | mimesweeper_for_web | 5.0.5 | |
| clearswift | mimesweeper_for_web | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clearswift:mimesweeper_for_web:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "947EF78C-0E17-4C8E-AD28-F0534A20107F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clearswift:mimesweeper_for_web:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EAB5F2-58E0-4D58-9888-3AC2CEB0F580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clearswift:mimesweeper_for_web:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5B5254-0907-4BF7-95E4-C3C867D446B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clearswift:mimesweeper_for_web:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4446BA66-DC81-430B-B259-247E371054B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clearswift:mimesweeper_for_web:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "832A72B9-E466-4B4E-98D3-F7F4F8803B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clearswift:mimesweeper_for_web:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D98B72C-99E5-4980-8305-EF40C469C33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clearswift:mimesweeper_for_web:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33679F4E-A838-4356-9EE2-0E8BBC5D224D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file."
}
],
"id": "CVE-2005-4526",
"lastModified": "2024-11-21T00:04:29.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-28T01:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://www.digitalarmaments.com/2005161283546323.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/419904/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15982/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://www.digitalarmaments.com/2005161283546323.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/419904/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15982/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23867"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}