Vulnerability Details : CVE-2008-2784
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.
Products affected by CVE-2008-2784
- cpe:2.3:a:spamdyke:spamdyke:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:spamdyke:spamdyke:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:spamdyke:spamdyke:3.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:spamdyke:spamdyke:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:spamdyke:spamdyke:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:spamdyke:spamdyke:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:spamdyke:spamdyke:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:spamdyke:spamdyke:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:spamdyke:spamdyke:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:spamdyke:spamdyke:3.1.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-2784
0.58%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-2784
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |
10.0
|
4.9
|
NIST |
CWE ids for CVE-2008-2784
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-2784
Jump to