Details of VAR-200110-0113

ID

VAR-200110-0113

CVE

CVE-2001-1287

TITLE

Ipswitch IMail Web Calender Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 3431 // CNNVD: CNNVD-200110-043

DESCRIPTION

Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. Due to improper bounds checking, the Web Calendaring feature of IMail could allow the execution of arbitrary code with the privileges of SYSTEM. This is achieveable by submitting a specially crafted GET request. Ipswitch IMail 7.04 and earlier versions have a buffer overflow vulnerability

Trust: 1.26

sources: NVD: CVE-2001-1287 // BID: 3431 // VULHUB: VHN-4092

AFFECTED PRODUCTS

vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.4	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.6	Trust: 1.6
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.2	Trust: 1.6

sources: BID: 3431 // CNNVD: CNNVD-200110-043 // NVD: CVE-2001-1287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1287
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200110-043
value:	HIGH
Trust: 0.6
VULHUB:	VHN-4092
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-1287
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4092
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4092 // CNNVD: CNNVD-200110-043 // NVD: CVE-2001-1287

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1287

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200110-043

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200110-043

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-4092

EXTERNAL IDS

db:	BID	id:	3431	Trust: 2.0
db:	NVD	id:	CVE-2001-1287	Trust: 2.0
db:	CNNVD	id:	CNNVD-200110-043	Trust: 0.7
db:	BUGTRAQ	id:	20011012 DEF-2001-29	Trust: 0.6
db:	EXPLOIT-DB	id:	22458	Trust: 0.1
db:	SEEBUG	id:	SSVID-76260	Trust: 0.1
db:	VULHUB	id:	VHN-4092	Trust: 0.1

sources: VULHUB: VHN-4092 // BID: 3431 // CNNVD: CNNVD-200110-043 // NVD: CVE-2001-1287

REFERENCES

url:	http://www.securityfocus.com/bid/3431	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html	Trust: 1.7
url:	http://www.ipswitch.com/support/imail/news.html	Trust: 1.7
url:	http://www.ipswitch.com/products/imail_server/index.html	Trust: 0.3

sources: VULHUB: VHN-4092 // BID: 3431 // CNNVD: CNNVD-200110-043 // NVD: CVE-2001-1287

CREDITS

Discovered and posted to Bugtraq in a Defcom Labs Advisory def-2001-29 on Oct 12, 2001.

Trust: 0.9

sources: BID: 3431 // CNNVD: CNNVD-200110-043

SOURCES

db:	VULHUB	id:	VHN-4092
db:	BID	id:	3431
db:	CNNVD	id:	CNNVD-200110-043
db:	NVD	id:	CVE-2001-1287

LAST UPDATE DATE

2025-04-03T22:30:57.108000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4092	date:	2008-09-10T00:00:00
db:	BID	id:	3431	date:	2009-07-11T09:06:00
db:	CNNVD	id:	CNNVD-200110-043	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1287	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4092	date:	2001-10-12T00:00:00
db:	BID	id:	3431	date:	2001-10-12T00:00:00
db:	CNNVD	id:	CNNVD-200110-043	date:	2001-10-12T00:00:00
db:	NVD	id:	CVE-2001-1287	date:	2001-10-12T04:00:00