Webshield SMTP
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2000-1129 | 0.03 | — | 0.02 | Jan 9, 2001 | McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field. | |||
| CVE-2000-0437 | 0.03 | — | 0.06 | May 18, 2000 | Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands. | |||
| CVE-2002-1121 | 0.01 | — | 0.07 | Sep 24, 2002 | SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046… | |||
| CVE-2001-1542 | 0.00 | — | 0.03 | Dec 31, 2001 | NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments. | |||
| CVE-2000-1130 | 0.00 | — | 0.02 | Jan 9, 2001 | McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment. | |||
| CVE-2000-0738 | 0.00 | — | 0.02 | Oct 20, 2000 | WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail. | |||
| CVE-2000-0447 | 0.00 | — | 0.04 | May 1, 2000 | Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service. | |||
| CVE-2000-0448 | 0.00 | — | 0.02 | May 1, 2000 | The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command. |
- CVE-2000-1129Jan 9, 2001risk 0.03cvss —epss 0.02
McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.
- CVE-2000-0437May 18, 2000risk 0.03cvss —epss 0.06
Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.
- CVE-2002-1121Sep 24, 2002risk 0.01cvss —epss 0.07
SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046…
- CVE-2001-1542Dec 31, 2001risk 0.00cvss —epss 0.03
NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments.
- CVE-2000-1130Jan 9, 2001risk 0.00cvss —epss 0.02
McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment.
- CVE-2000-0738Oct 20, 2000risk 0.00cvss —epss 0.02
WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail.
- CVE-2000-0447May 1, 2000risk 0.00cvss —epss 0.04
Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service.
- CVE-2000-0448May 1, 2000risk 0.00cvss —epss 0.02
The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command.