CVE-2005-3182

Summary

CVE	CVE-2005-3182
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-10-20 10:02:00 UTC
Updated	2016-10-18 03:33:00 UTC
Description	Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gfi	Mailsecurity	8.1	All	exchange_smtp	All
Application	Gfi	Mailsecurity	8.1	All	exchange_smtp	All

References

Reference	Source	Link	Tags
GFI MailSecurity for Exchange/SMTP Web Interface Remote Buffer Overflow Vulnerability	BID	www.securityfocus.com	Patch
GFI Knowledge Base Article	CONFIRM	kbase.gfi.com	Patch
SecurityTracker.com Archives - GFI MailSecurity Web Module Buffer Overflow in Processing HTTP Headers Lets Remote Users Execute Arbitrary Code	SECTRACK	securitytracker.com
19926	OSVDB	www.osvdb.org
Secunia - Advisories - GFI MailSecurity HTTP Management Interface Buffer Overflow	SECUNIA	secunia.com	Patch, Vendor Advisory
SecurityReason	SREASON	securityreason.com
'[SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow' - MARC	BUGTRAQ	marc.info
Neohapsis Archives - Full Disclosure List - #0290 - [Full-disclosure] [SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow	FULLDISC	archives.neohapsis.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.