Unrated severityNVD Advisory· Published Apr 24, 2007· Updated Apr 23, 2026

CVE-2007-2188

Description

eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.

Affected products

Extremail/Extremail2 versions
cpe:2.3:a:extremail:extremail:2.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:extremail:extremail:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:extremail:extremail:2.1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/fulldisclosure/2007-04/0569.htmlnvdExploit
osvdb.org/35584nvd
www.securityfocus.com/bid/23577nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000