Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2049

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-2049
Last Modified 07 Mar 2011 10:08:37
Published 01 May 2008 03:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2049

Summary

The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message.

Vulnerable Systems

Application

  • E-post Corporation Mail Server 4.10

  • E-post Corporation Mail Server Enterprise 4.10


References

XF - epost-pop3-information-disclosure(42035)

VUPEN - ADV-2008-1389

SECTRACK - 1019930

BID - 28951

CONFIRM - http://www.e-postinc.jp/Mail_Server.html

MISC - http://vuln.sg/epostmailserver410-en.html

SECUNIA - 29990


Last Updated: 27 May 2016 10:47:44