CVE-2016-4460

Published on: 08/22/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:58 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Pony Mail from Apache contain the following vulnerability:

Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.

  • CVE-2016-4460 has been assigned by [email protected] to track the vulnerability, currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 7.5 - HIGH

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVE References

  • CVE-2016-4460: Apache Pony Mail (Incubating) disclosure vulnerability - Daniel Gruno - org.apache.ponymail.users - MarkMail Mailing List
    Tags: Patch, Vendor Advisory
    Link: CONFIRM markmail.org/message/jy7o23cppny26icu (markmail.org, text/html)
  • Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
    Tags: Third Party Advisory, VDB Entry
    Link: BID 100449 (cve.report (archive), text/html)

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Apache | Pony Mail | 0.6c | All | All | All
Application | Apache | Pony Mail | 0.7b | All | All | All
Application | Apache | Pony Mail | 0.8b | All | All | All
  • cpe:2.3:a:apache:pony_mail:0.6c:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pony_mail:0.7b:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:pony_mail:0.8b:*:*:*:*:*:*:*