Sign-up

ID

VAR-201705-1377


CVE

CVE-2015-9058


TITLE

Proxmox Mail Gateway Open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007552

DESCRIPTION

Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. Proxmox Mail Gateway is an email gateway product of Austrian company Proxmox Server Solutions. The product protects email from viruses, phishing and Trojans

Trust: 1.71

sources: NVD: CVE-2015-9058 // JVNDB: JVNDB-2015-007552 // VULHUB: VHN-87019

AFFECTED PRODUCTS

vendor:proxmoxmodel:mail gatewayscope:lteversion:4.0-4\/b38fc5d9

Trust: 1.0

vendor:proxmox servermodel:mail gatewayscope:ltversion:hotfix 4.0-8-097d26a9

Trust: 0.8

vendor:proxmoxmodel:mail gatewayscope:eqversion:4.0-4\/b38fc5d9

Trust: 0.6

sources: JVNDB: JVNDB-2015-007552 // CNNVD: CNNVD-201705-216 // NVD: CVE-2015-9058

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-9058
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-9058
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201705-216
value: MEDIUM

Trust: 0.6

VULHUB: VHN-87019
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-9058
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-87019
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-9058
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-87019 // JVNDB: JVNDB-2015-007552 // CNNVD: CNNVD-201705-216 // NVD: CVE-2015-9058

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.9

sources: VULHUB: VHN-87019 // JVNDB: JVNDB-2015-007552 // NVD: CVE-2015-9058

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-216

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201705-216

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007552

PATCH
title:Proxmox Mail Gatewayurl:https://www.proxmox.com/en/proxmox-mail-gateway
Trust: 0.8
title:Proxmox Mail Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69844
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-007552 // 
            
            
            
            CNNVD: CNNVD-201705-216

EXTERNAL IDS
db:NVDid:CVE-2015-9058
Trust: 2.5
db:JVNDBid:JVNDB-2015-007552
Trust: 0.8
db:CNNVDid:CNNVD-201705-216
Trust: 0.7
db:VULHUBid:VHN-87019
Trust: 0.1
sources:
            
            
            VULHUB: VHN-87019 // 
            
            
            
            JVNDB: JVNDB-2015-007552 // 
            
            
            
            CNNVD: CNNVD-201705-216 // 
            
            
            
            NVD: CVE-2015-9058

REFERENCES
url:https://www.trustwave.com/resources/security-advisories/advisories/twsl2015-024/?fid=7431
Trust: 2.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9058
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-9058
Trust: 0.8
sources:
            
            
            VULHUB: VHN-87019 // 
            
            
            
            JVNDB: JVNDB-2015-007552 // 
            
            
            
            CNNVD: CNNVD-201705-216 // 
            
            
            
            NVD: CVE-2015-9058

SOURCES
db:VULHUBid:VHN-87019
db:JVNDBid:JVNDB-2015-007552
db:CNNVDid:CNNVD-201705-216
db:NVDid:CVE-2015-9058

LAST UPDATE DATE
2025-04-20T23:35:50.707000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-87019date:2017-05-16T00:00:00
db:JVNDBid:JVNDB-2015-007552date:2017-06-09T00:00:00
db:CNNVDid:CNNVD-201705-216date:2017-05-04T00:00:00
db:NVDid:CVE-2015-9058date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-87019date:2017-05-03T00:00:00
db:JVNDBid:JVNDB-2015-007552date:2017-06-09T00:00:00
db:CNNVDid:CNNVD-201705-216date:2017-05-04T00:00:00
db:NVDid:CVE-2015-9058date:2017-05-03T10:59:00.210