{"api_version":"1","generated_at":"2026-05-12T23:15:59+00:00","cve":"CVE-2005-0315","urls":{"html":"https://cve.report/CVE-2005-0315","api":"https://cve.report/api/cve/CVE-2005-0315.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-0315","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-0315"},"summary":{"title":"CVE-2005-0315","description":"The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.","state":"PUBLISHED","assigner":"mitre","published_at":"2005-01-27 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.6","severity":"","vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://secunia.com/advisories/14053","name":"http://secunia.com/advisories/14053","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Secunia - Advisories - Winmail Server Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=110685011825461&w=2","name":"http://marc.info/?l=bugtraq&m=110685011825461&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'[SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilities' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19115","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19115","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/12388","name":"http://www.securityfocus.com/bid/12388","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Magic Winmail Server Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://securitytracker.com/id?1013017","name":"http://securitytracker.com/id?1013017","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Magic Winmail Server Input Validation Holes in Webmail and IMAP Services Allow Directory Traversal Attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-0315","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-0315","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"315","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"amax_information_technologies","cpe5":"magic_winmail_server","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T21:05:25.641Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"12388","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/12388"},{"name":"1013017","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1013017"},{"name":"20050127 [SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=110685011825461&w=2"},{"name":"14053","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/14053"},{"name":"magicwinmail-ftp-obtain-information(19115)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19115"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-01-27T00:00:00.000Z","descriptions":[{"lang":"en","value":"The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"12388","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/12388"},{"name":"1013017","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1013017"},{"name":"20050127 [SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=110685011825461&w=2"},{"name":"14053","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/14053"},{"name":"magicwinmail-ftp-obtain-information(19115)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19115"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2005-0315","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"12388","refsource":"BID","url":"http://www.securityfocus.com/bid/12388"},{"name":"1013017","refsource":"SECTRACK","url":"http://securitytracker.com/id?1013017"},{"name":"20050127 [SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilities","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=110685011825461&w=2"},{"name":"14053","refsource":"SECUNIA","url":"http://secunia.com/advisories/14053"},{"name":"magicwinmail-ftp-obtain-information(19115)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19115"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2005-0315","datePublished":"2005-02-10T05:00:00.000Z","dateReserved":"2005-02-10T00:00:00.000Z","dateUpdated":"2024-08-07T21:05:25.641Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-01-27 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:amax_information_technologies:magic_winmail_server:4.0:*:*:*:*:*:*:*","matchCriteriaId":"661FB8A8-F851-44B8-90C4-4636A2C0AED3"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"315","Ordinal":"1","Title":"CVE-2005-0315","CVE":"CVE-2005-0315","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"315","Ordinal":"1","NoteData":"The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.","Type":"Description","Title":"CVE-2005-0315"},{"CveYear":"2005","CveId":"315","Ordinal":"2","NoteData":"2005-02-10","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"315","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}