CVE-2003-1485Improper Input Validation in Mailsweeper

CWE-20Improper Input Validation3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 61.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Clearswift Mailsweeper
Timeline
PublishedDec 31
Latest updateApr 29

Description

Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space."

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDclearswift/mailsweeper10 versions+9

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-85w6-fmf9-6mx8: Clearswift MAILsweeper 42022-04-29
CVEList
CVE-2003-1485: Clearswift MAILsweeper 42007-10-24
CVE-2003-1485 — Improper Input Validation | cvebase