Null Byte Injection Vulnerability in SmarterMail by SmarterTools
CVE-2004-2584

Currently unrated

Key Information:

Vendor: Smartertools
Status: Smartermail
Vendor: CVE Published:; 31 December 2004

🔔 Create Smartertools Vulnerability Alert

What is CVE-2004-2584?

The frmAddfolder.aspx component in SmarterTools' SmarterMail versions 1.6.1511 and 1.6.1529 is susceptible to a null byte injection flaw. This vulnerability allows remote authenticated users to create folders with names that contain a null byte ('%00'), resulting in folders that cannot be deleted or renamed by the software. The implications of this issue may affect folder management within the application, causing potential disruption for users.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/15392

vdb-entryx_refsource_XF

http://www.zone-h.org/advisories/read/id=4098

x_refsource_MISC

http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Nov 28, 2005
Vulnerability published
Dec 31, 2004