CVE-2011-1407
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
La implementación de DKIM en Exim v4.7x con anterioridad a v4.76 permite la comparación de las identidades DKIM para aplicar a las operaciones de búsqueda artículos, en lugar de sólo cadenas, que permite a atacantes remotos ejecutar código arbitrario o acceso a un sistema de ficheros a través de una identidad manipulada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-03-10 CVE Reserved
- 2011-05-12 CVE Published
- 2024-02-23 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/47836 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html | 2011-09-07 | |
| https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html | 2011-09-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2011/dsa-2236 | 2011-09-07 | |
| http://www.ubuntu.com/usn/USN-1135-1 | 2011-09-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.70 Search vendor "Exim" for product "Exim" and version "4.70" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.71 Search vendor "Exim" for product "Exim" and version "4.71" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.72 Search vendor "Exim" for product "Exim" and version "4.72" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.73 Search vendor "Exim" for product "Exim" and version "4.73" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.74 Search vendor "Exim" for product "Exim" and version "4.74" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.75 Search vendor "Exim" for product "Exim" and version "4.75" | - |
Affected
| ||||||