CVE-2005-4828
CVE-2005-4828 is a medium-severity vulnerability in Kolab Kolab Groupware Server with a CVSS 2.0 base score of 6.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.4)
- EPSS exploit prediction: 1% (65th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Kolab Kolab Groupware Server
- Published:
- Last modified:
Description
Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability.
Frequently asked questions
- What is CVE-2005-4828?
- Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability.
- How severe is CVE-2005-4828?
- CVE-2005-4828 has a CVSS 2.0 base score of 6.4, rated medium severity.
- Is CVE-2005-4828 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (65th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-4828?
- CVE-2005-4828 primarily affects Kolab Kolab Groupware Server. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2005-4828?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2005-4828 published?
- CVE-2005-4828 was published on 2005-12-31 and last updated on 2026-06-16.
References
- http://kolab.org/security/kolab-vendor-notice-07.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:013
- http://www.osvdb.org/22538
Affected products (2)
- cpe:2.3:a:kolab:kolab_groupware_server:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:kolab:kolab_groupware_server:2.0.1:*:*:*:*:*:*:*
More vulnerabilities in Kolab Kolab Groupware Server
- CVE-2006-0213 — Medium (CVSS 4.6): Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure…
- CVE-2004-1997 — Medium (CVSS 4.6): Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which…
- CVE-2008-4165 — Medium (CVSS 4.0): admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows…