fkie_nvd - fkie_cve-2003-1016

fkie_cve-2003-1016

Vulnerability from fkie_nvd

Published

2004-10-20 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use malformed quoting in MIME headers, parameters, and values, including (1) fields that should not be quoted, (2) duplicate quotes, or (3) missing leading or trailing quote characters, which may be interpreted differently by mail clients.

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=109521027007616&w=2
cve@mitre.org	http://www.uniras.gov.uk/vuls/2004/380375/mime.htm	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17336
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=109521027007616&w=2
af854a3a-2127-422b-91ae-364da2661108	http://www.uniras.gov.uk/vuls/2004/380375/mime.htm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17336

Impacted products

Vendor	Product	Version
clearswift	mailsweeper	4.3.7
clearswift	mailsweeper	4.3.8
clearswift	mailsweeper	4.3.10
clearswift	mailsweeper	4.3.11
clearswift	mailsweeper	4.3.13
clearswift	mailsweeper	4.3.14
clearswift	mailsweeper	4.3.15
f-secure	internet_gatekeeper	6.3
f-secure	internet_gatekeeper	6.4
f-secure	internet_gatekeeper	6.31
f-secure	internet_gatekeeper	6.32
paul_l_daniels	ripmime	1.2.0
paul_l_daniels	ripmime	1.2.1
paul_l_daniels	ripmime	1.2.2
paul_l_daniels	ripmime	1.2.3
paul_l_daniels	ripmime	1.2.4
paul_l_daniels	ripmime	1.2.5
paul_l_daniels	ripmime	1.2.6
paul_l_daniels	ripmime	1.2.7
paul_l_daniels	ripmime	1.3.2.0
paul_l_daniels	ripmime	1.3.2.2
paul_l_daniels	ripmime	1.3.2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA12B965-672C-444D-9774-0F76FE47EA29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C9B32C-5EC9-46BD-AA77-F414A143576C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "823C27EB-C00F-4A7E-B832-013A50A1EE2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD217379-28E7-465E-843D-E7204EE0E89F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB96CB8A-59F3-4624-B2BA-687ECF929B79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clearswift:mailsweeper:4.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A02C12-547E-4086-A409-53AA68F1A4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clearswift:mailsweeper:4.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "8185FBF2-D678-4D90-A5AC-F9B06DFED95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F4EC2BB-A979-4C37-B8BB-086DAEEB4A6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD53E1BC-6A92-4D7C-BE1F-FEF88F78DBD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC782BFC-6BA0-4823-8A6D-F7D83F55393C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1B09025-47B9-4F77-9DA6-80885E9A4EC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paul_l_daniels:ripmime:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E021143-608B-44A2-84FB-8F8AC00A9985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paul_l_daniels:ripmime:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A9BB1C1-2CB2-426D-A8CE-AF5CB0B98674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paul_l_daniels:ripmime:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC4686E-B92F-47ED-90DA-42AF650521D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paul_l_daniels:ripmime:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80EF73F0-1FE1-4041-9C07-A89D153DA41F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paul_l_daniels:ripmime:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF45C4F8-A20C-4D7D-B203-AF36FB046C63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paul_l_daniels:ripmime:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75222D1B-1384-4C74-A54F-BC028C5CDB69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paul_l_daniels:ripmime:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5129FD4-C011-4EA9-B8A1-256E95494FE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paul_l_daniels:ripmime:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F33D78C-9CD1-49A6-A43E-D0187600C033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6D3CF1D-64E1-47DB-8767-EF8DBF4E17AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E725208-BA0C-41D9-BC45-84577A94AAA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A43C3DCC-3298-4D4D-9485-4A3BECB615E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use malformed quoting in MIME headers, parameters, and values, including (1) fields that should not be quoted, (2) duplicate quotes, or (3) missing leading or trailing quote characters, which may be interpreted differently by mail clients."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples productos de pasarelas de seguridad de contenidos y antivirus pueden permitir a atacantes remotos saltarse restricciones de contenido mediante mensajes MIME que usan entrecomillado malformado en cabeceras MIME, par\u00e1metros y valores, incluyendo (1) campos que no deber\u00edan ser entrecomillados, (2) comillas duplicadas, o (3) falta de caract\u00e9res al principio o al final, lo que puede ser interpretado de manera distinta por clientes de correo electr\u00f3nico."
    }
  ],
  "id": "CVE-2003-1016",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-10-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109521027007616\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109521027007616\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17336"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2003-1016 (GCVE-0-2003-1016)

Vulnerability from cvelistv5

Published

2004-09-24 04:00