KDE KMail HTML Email Information Spoofing

medium Nessus Network Monitor Plugin ID 2811

Synopsis

The remote host is running a vulnerable email client.

Description

The remote client is running Kmail, an email client for Unix and Unix-like operating systems. This version is vulnerable to a content-parsing flaw within the HTML handlers. Specifically, a client with HTML enabled may be sent a malicious email that is able to overlap portions of the displayed email. This can be used to convince users to perform web-based tasks that have unexpected results.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Medium

ID: 2811

Family: SMTP Clients

Published: 4/11/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.8

Temporal Score: 4.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:kmail:kmail

Reference Information

CVE: CVE-2005-0404

BID: 13085

Detections

Analytics

KDE KMail HTML Email Information Spoofing

medium Nessus Network Monitor Plugin ID 2811

Synopsis

Description

Solution

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Vulnerability Information

Reference Information