ID

VAR-200110-0107


CVE

CVE-2001-1281


TITLE

Ipswitch IMail Server User Modification Vulnerability

Trust: 0.9

sources: BID: 3429 // CNNVD: CNNVD-200110-040

DESCRIPTION

Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. It is possible to specify another userid to whom changes in the editing form will be applied by simply modifying a hidden variable. Successful exploitation of this vulnerability could lead to a denial of service for the victim user. Vulnerabilities exist in Ipswitch IMail 7.04 and earlier versions of Web Messaging Server

Trust: 1.26

sources: NVD: CVE-2001-1281 // BID: 3429 // VULHUB: VHN-4086

AFFECTED PRODUCTS

vendor:ipswitchmodel:imailscope:eqversion:7.0.4

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:6.0.6

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:6.0.2

Trust: 1.9

sources: BID: 3429 // CNNVD: CNNVD-200110-040 // NVD: CVE-2001-1281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1281
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200110-040
value: MEDIUM

Trust: 0.6

VULHUB: VHN-4086
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-1281
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-4086
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-4086 // CNNVD: CNNVD-200110-040 // NVD: CVE-2001-1281

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1281

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200110-040

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200110-040

EXTERNAL IDS

db:NVDid:CVE-2001-1281

Trust: 2.0

db:BIDid:3429

Trust: 2.0

db:CNNVDid:CNNVD-200110-040

Trust: 0.7

db:BUGTRAQid:20011011 VULNERABILITIES IN IPSWITCH IMAIL SERVER 7.04

Trust: 0.6

db:VULHUBid:VHN-4086

Trust: 0.1

sources: VULHUB: VHN-4086 // BID: 3429 // CNNVD: CNNVD-200110-040 // NVD: CVE-2001-1281

REFERENCES

url:http://www.securityfocus.com/bid/3429

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html

Trust: 1.7

url:http://www.ipswitch.com/support/imail/news.html

Trust: 1.7

url:http://www.ipswitch.com/products/imail_server/index.html

Trust: 0.3

url:http://ipswitch.com/support/imail/patch-upgrades.html

Trust: 0.3

sources: VULHUB: VHN-4086 // BID: 3429 // CNNVD: CNNVD-200110-040 // NVD: CVE-2001-1281

CREDITS

Discovered and posted to Bugtraq by Arne Vidstrom <arne.vidstrom@ntsecurity.nu> on Oct 11, 2001.

Trust: 0.9

sources: BID: 3429 // CNNVD: CNNVD-200110-040

SOURCES

db:VULHUBid:VHN-4086
db:BIDid:3429
db:CNNVDid:CNNVD-200110-040
db:NVDid:CVE-2001-1281

LAST UPDATE DATE

2025-04-03T22:16:57.472000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-4086date:2008-09-10T00:00:00
db:BIDid:3429date:2009-07-11T09:06:00
db:CNNVDid:CNNVD-200110-040date:2005-10-20T00:00:00
db:NVDid:CVE-2001-1281date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:VULHUBid:VHN-4086date:2001-10-12T00:00:00
db:BIDid:3429date:2001-10-12T00:00:00
db:CNNVDid:CNNVD-200110-040date:2001-10-12T00:00:00
db:NVDid:CVE-2001-1281date:2001-10-12T04:00:00