VYPR

Webshield SMTP

by Network Associates

CVEs (8)

  • CVE-2000-1129Jan 9, 2001
    risk 0.03cvss epss 0.02

    McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.

  • CVE-2000-0437May 18, 2000
    risk 0.03cvss epss 0.06

    Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.

  • CVE-2002-1121Sep 24, 2002
    risk 0.01cvss epss 0.07

    SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046…

  • CVE-2001-1542Dec 31, 2001
    risk 0.00cvss epss 0.03

    NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments.

  • CVE-2000-1130Jan 9, 2001
    risk 0.00cvss epss 0.02

    McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment.

  • CVE-2000-0738Oct 20, 2000
    risk 0.00cvss epss 0.02

    WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail.

  • CVE-2000-0447May 1, 2000
    risk 0.00cvss epss 0.04

    Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service.

  • CVE-2000-0448May 1, 2000
    risk 0.00cvss epss 0.02

    The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command.