CVE-2010-2580
CVE-2010-2580 is a medium-severity vulnerability in Mailenable with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 4% (89th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-20
- Affected product: Mailenable
- Published:
- Last modified:
Description
The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."
Frequently asked questions
- What is CVE-2010-2580?
- The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."
- How severe is CVE-2010-2580?
- CVE-2010-2580 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2010-2580 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 4% (89th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2010-2580?
- CVE-2010-2580 primarily affects Mailenable. In total, 78 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2010-2580?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2010-2580 published?
- CVE-2010-2580 was published on 2010-09-15 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/41175
- http://secunia.com/secunia_research/2010-112/
- http://www.mailenable.com/Enterprise-ReleaseNotes.txt
- http://www.mailenable.com/Professional-ReleaseNotes.txt
- http://www.mailenable.com/Standard-ReleaseNotes.txt
- http://www.mailenable.com/hotfix/
- http://www.securityfocus.com/archive/1/513648/100/0/threaded
- http://www.securityfocus.com/bid/43182
- http://www.securitytracker.com/id?1024427
Affected products (78)
- cpe:2.3:a:mailenable:mailenable:*:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.0:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.1:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.01:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.11:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.12:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.13:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.14:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.15:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.16:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.17:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.22:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.23:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.24:-:pro:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:*:-:std:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.0:-:std:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.01:-:std:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.1:-:std:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.13:-:std:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.14:-:std:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.16:-:std:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.17:-:std:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.22:-:std:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.23:-:std:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.24:-:std:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:*:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.0:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.01:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.1:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.11:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.12:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.13:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.14:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.15:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.16:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.17:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.22:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.23:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:4.24:-:enterprise:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable:3.61:-:std:*:*:*:*:*
More vulnerabilities in Mailenable
- CVE-2015-9280 — Critical (CVSS 10.0): MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.
- CVE-2025-44148 — Critical (CVSS 9.8): Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code…
- CVE-2019-12924 — Critical (CVSS 9.8): MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be…
- CVE-2015-9278 — Critical (CVSS 9.8): MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A…
- CVE-2015-9277 — Critical (CVSS 9.1): MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and…
- CVE-2022-42136 — High (CVSS 8.8): Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders…
All CVEs affecting Mailenable →
Other CWE-20 (Improper Input Validation) vulnerabilities
- CVE-2026-48316 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48281 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48277 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48055 — Critical (CVSS 10.0): Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and…
- CVE-2026-34910 — Critical (CVSS 10.0): A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS…
- CVE-2026-33587 — Critical (CVSS 10.0): Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and…
Browse all CWE-20 (Improper Input Validation) vulnerabilities →