Advisories

Weaknesses

Fixes

Requirements

Compliance

180 – Insecure service configuration - SMTP

Description

The hosting server has an open port (SMTP 25) which allows attackers to send emails using the web server.

Impact

Send emails as anyone using the servers.

Recommendation

Close unused ports to prevent SMTP relay attacks.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector: N
Attack complexity: L
Attack Requirements: N
Privileges required: N
User interaction: N
Confidentiality (VC): N
Integrity (VI): L
Availability (VA): N
Confidentiality (SC): N
Integrity (SI): N
Availability (SA): N

Threat 4.0

Exploit maturity: X

Requirements

266 - Disable insecure functionalities

Fixes

Python

Last updated

2024/02/15