Vulnerability Details : CVE-2007-2173
Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
Exploit prediction scoring system (EPSS) score for CVE-2007-2173
Probability of exploitation activity in the next 30 days: 1.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-2173
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2007-2173
Products affected by CVE-2007-2173
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.5:*:*:*:*:*:*:*