CVE-2007-3171 : Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an in

Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages.

Published 2007-06-11 22:30:00

Updated 2017-07-29 01:32:02

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-3171

Probability of exploitation activity in the next 30 days: 1.51%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-3171

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2007-3171

Products affected by CVE-2007-3171

Uebimiau » Uebimiau » Version: 2.7.9
cpe:2.3:a:uebimiau:uebimiau:2.7.9:*:*:*:*:*:*:*
Matching versions
Uebimiau » Uebimiau » Version: 2.7.10
cpe:2.3:a:uebimiau:uebimiau:2.7.10:*:*:*:*:*:*:*
Matching versions
Uebimiau » Uebimiau » Version: 2.7.2
cpe:2.3:a:uebimiau:uebimiau:2.7.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-3171

Exploit prediction scoring system (EPSS) score for CVE-2007-3171

CVSS scores for CVE-2007-3171

References for CVE-2007-3171

Products affected by CVE-2007-3171