CVE-2002-1121
First published: Sat Sep 14 2002(Updated: )
SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GFI MailSecurity | =7.2 | |
| Trend Micro InterScan VirusWall Scan Engine | =3.51 | |
| MIMEDefang | =2.14 | |
| WebShield | =4.0.5 | |
| Trend Micro InterScan VirusWall Scan Engine | =3.5 | |
| Roaring Penguin CanIT | =1.2 | |
| WebShield | =4.5.44 | |
| MIMEDefang | =2.20 | |
| WebShield | =4.5.74.0 | |
| Trend Micro InterScan VirusWall Scan Engine | =3.52 | |
| WebShield | =4.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html
- http://www.iss.net/security_center/static/10088.php
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html
- http://www.securiteam.com/securitynews/5YP0A0K8CM.html
- http://www.kb.cert.org/vuls/id/836088
- http://www.securityfocus.com/bid/5696
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html
- http://marc.info/?l=bugtraq&m=103184267105132&w=2
- http://marc.info/?l=bugtraq&m=103184501408453&w=2
Frequently Asked Questions
What is the severity of CVE-2002-1121?
CVE-2002-1121 is considered a Medium severity vulnerability due to its potential exploitation in SMTP content filter engines.
How do I fix CVE-2002-1121?
To fix CVE-2002-1121, update your SMTP content filtering software to the latest version that addresses this vulnerability.
Which software is affected by CVE-2002-1121?
CVE-2002-1121 affects GFI MailSecurity, Trend Micro InterScan VirusWall, and Roaring Penguin MIMEDefang, among others.
What is the impact of CVE-2002-1121?
The impact of CVE-2002-1121 includes the inability to detect fragmented emails, which can lead to undetected malicious content.
Does CVE-2002-1121 affect all versions of the software?
CVE-2002-1121 specifically affects certain versions of the identified software, so users must verify their specific versions for vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/gfi
- product/mailsecurity
- canonical/gfi mailsecurity
- vendor/trend micro
- product/interscan viruswall
- canonical/trend micro interscan viruswall
- vendor/roaring penguin
- product/mimedefang
- canonical/roaring penguin mimedefang
- vendor/network associates
- product/webshield smtp
- canonical/network associates webshield smtp
- product/canit
- canonical/roaring penguin canit
- agent/software-canonical-lookup-request
- collector/nvd-index
- version/gfi mailsecurity/7.2
- canonical/trend micro interscan viruswall scan engine
- version/trend micro interscan viruswall scan engine/3.51
- canonical/mimedefang
- version/mimedefang/2.14
- canonical/webshield
- version/webshield/4.0.5
- version/trend micro interscan viruswall scan engine/3.5
- version/roaring penguin canit/1.2
- version/webshield/4.5.44
- version/mimedefang/2.20
- version/webshield/4.5.74.0
- version/trend micro interscan viruswall scan engine/3.52
- version/webshield/4.5