CVE-2007-6714

{"id": "CVE-2007-6714", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-04-17T22:05:00.000", "references": [{"url": "http://dbmail.org/index.php?page=news&id=44", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/44561", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29903", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29937", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29984", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml", "source": "cve@mitre.org"}, {"url": "http://www.mail-archive.com/dbmail-dev%40dbmail.org/msg09942.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28849", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019914", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1321/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41907", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html", "source": "cve@mitre.org"}, {"url": "http://dbmail.org/index.php?page=news&id=44", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/44561", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29903", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29937", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29984", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mail-archive.com/dbmail-dev%40dbmail.org/msg09942.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/28849", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1019914", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1321/references", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41907", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication."}, {"lang": "es", "value": "DBMail anterior a 2.2.9, cuando usa authldap con un servidor LDAP que soporta validaci\u00f3n (login) an\u00f3nima como en Active Directory, permite a atacantes remotos evitar la autenticaci\u00f3n con una contrase\u00f1a vac\u00eda, esto provoca que LDAP muestre un acceso v\u00e1lido bas\u00e1ndose en la autenticaci\u00f3n an\u00f3nima."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dbmail:dbmail:2.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA4DB4CD-B262-4247-BD2E-F092BA6537BE"}, {"criteria": "cpe:2.3:a:dbmail:dbmail:2.2.6:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2580139-D5DB-4B4D-B6E7-F0957D4EE5FA"}, {"criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2FD1538-8288-4156-A181-BA077CED44A8"}, {"criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D65C8E14-7FB2-41E5-8C74-5509D2FC4AB9"}, {"criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E76AF034-85D5-40F3-8C5B-85DBCCDF4E5A"}, {"criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10D91F87-6055-4186-855E-0BC198C0FF31"}, {"criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51B8C537-0501-413B-8BE1-35D8845194B2"}, {"criteria": "cpe:2.3:a:dbmail:dbmail:2.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "604DBA7B-4C2A-425E-B243-677C0F3AB6C7"}, {"criteria": "cpe:2.3:a:dbmail:dbmail:2.2.8:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7839DDA0-A977-4AE4-B1D4-28D0472E8EB0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}