CVE-2006-3277

Exp

The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.

Published: 2006-06-28 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2006-3277 is rated High Exploit Risk (71.8/100): CVSS Medium severity, with high exploitation likelihood (EPSS 21.04%, 95th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +3.45% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2006-3277

EDB-ID Source Kind Published Link
28103 exploit_db edb 2006-06-24 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2006-3277

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-11-08 17.59% 21.04% +3.45%
2 2025-03-30 14.45% 17.59% +3.15%
3 2025-03-29 14.45%

Full EPSS history (13 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-3277

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 2.9 [email protected]

Weakness enumeration for CVE-2006-3277

Affected software / configurations for CVE-2006-3277

Vendor Product Version Raw CPE
mailenable mailenable_enterprise <= 1.00 cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
mailenable mailenable_enterprise <= 1.01 cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
mailenable mailenable_enterprise <= 1.1 cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
mailenable mailenable_enterprise <= 1.2 cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
mailenable mailenable_enterprise <= 1.02 cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
mailenable mailenable_enterprise <= 1.03 cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
mailenable mailenable_enterprise <= 1.04 cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
mailenable mailenable_enterprise <= 1.21 cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.004 cpe:2.3:a:mailenable:mailenable_professional:1.0.004:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.005 cpe:2.3:a:mailenable:mailenable_professional:1.0.005:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.006 cpe:2.3:a:mailenable:mailenable_professional:1.0.006:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.007 cpe:2.3:a:mailenable:mailenable_professional:1.0.007:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.008 cpe:2.3:a:mailenable:mailenable_professional:1.0.008:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.009 cpe:2.3:a:mailenable:mailenable_professional:1.0.009:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.010 cpe:2.3:a:mailenable:mailenable_professional:1.0.010:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.011 cpe:2.3:a:mailenable:mailenable_professional:1.0.011:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.012 cpe:2.3:a:mailenable:mailenable_professional:1.0.012:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.013 cpe:2.3:a:mailenable:mailenable_professional:1.0.013:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.014 cpe:2.3:a:mailenable:mailenable_professional:1.0.014:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.015 cpe:2.3:a:mailenable:mailenable_professional:1.0.015:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.016 cpe:2.3:a:mailenable:mailenable_professional:1.0.016:*:*:*:*:*:*:*
mailenable mailenable_professional 1.0.017 cpe:2.3:a:mailenable:mailenable_professional:1.0.017:*:*:*:*:*:*:*
mailenable mailenable_professional 1.1 cpe:2.3:a:mailenable:mailenable_professional:1.1:*:*:*:*:*:*:*
mailenable mailenable_professional 1.2 cpe:2.3:a:mailenable:mailenable_professional:1.2:*:*:*:*:*:*:*
mailenable mailenable_professional 1.2a cpe:2.3:a:mailenable:mailenable_professional:1.2a:*:*:*:*:*:*:*
mailenable mailenable_professional 1.5 cpe:2.3:a:mailenable:mailenable_professional:1.5:*:*:*:*:*:*:*
mailenable mailenable_professional 1.6 cpe:2.3:a:mailenable:mailenable_professional:1.6:*:*:*:*:*:*:*
mailenable mailenable_professional 1.7 cpe:2.3:a:mailenable:mailenable_professional:1.7:*:*:*:*:*:*:*
mailenable mailenable_professional 1.8 cpe:2.3:a:mailenable:mailenable_professional:1.8:*:*:*:*:*:*:*
mailenable mailenable_professional 1.9 cpe:2.3:a:mailenable:mailenable_professional:1.9:*:*:*:*:*:*:*
mailenable mailenable_professional 1.12 cpe:2.3:a:mailenable:mailenable_professional:1.12:*:*:*:*:*:*:*
mailenable mailenable_professional 1.13 cpe:2.3:a:mailenable:mailenable_professional:1.13:*:*:*:*:*:*:*
mailenable mailenable_professional 1.14 cpe:2.3:a:mailenable:mailenable_professional:1.14:*:*:*:*:*:*:*
mailenable mailenable_professional 1.15 cpe:2.3:a:mailenable:mailenable_professional:1.15:*:*:*:*:*:*:*
mailenable mailenable_professional 1.16 cpe:2.3:a:mailenable:mailenable_professional:1.16:*:*:*:*:*:*:*
mailenable mailenable_professional 1.17 cpe:2.3:a:mailenable:mailenable_professional:1.17:*:*:*:*:*:*:*
mailenable mailenable_professional 1.18 cpe:2.3:a:mailenable:mailenable_professional:1.18:*:*:*:*:*:*:*
mailenable mailenable_professional 1.19 cpe:2.3:a:mailenable:mailenable_professional:1.19:*:*:*:*:*:*:*
mailenable mailenable_professional 1.51 cpe:2.3:a:mailenable:mailenable_professional:1.51:*:*:*:*:*:*:*
mailenable mailenable_professional 1.52 cpe:2.3:a:mailenable:mailenable_professional:1.52:*:*:*:*:*:*:*
mailenable mailenable_professional 1.53 cpe:2.3:a:mailenable:mailenable_professional:1.53:*:*:*:*:*:*:*
mailenable mailenable_professional 1.54 cpe:2.3:a:mailenable:mailenable_professional:1.54:*:*:*:*:*:*:*
mailenable mailenable_professional 1.71 cpe:2.3:a:mailenable:mailenable_professional:1.71:*:*:*:*:*:*:*
mailenable mailenable_professional 1.72 cpe:2.3:a:mailenable:mailenable_professional:1.72:*:*:*:*:*:*:*
mailenable mailenable_professional 1.73 cpe:2.3:a:mailenable:mailenable_professional:1.73:*:*:*:*:*:*:*
mailenable mailenable_professional 1.91 cpe:2.3:a:mailenable:mailenable_professional:1.91:*:*:*:*:*:*:*
mailenable mailenable_professional 1.92 cpe:2.3:a:mailenable:mailenable_professional:1.92:*:*:*:*:*:*:*
mailenable mailenable_professional 1.93 cpe:2.3:a:mailenable:mailenable_professional:1.93:*:*:*:*:*:*:*
mailenable mailenable_professional 1.101 cpe:2.3:a:mailenable:mailenable_professional:1.101:*:*:*:*:*:*:*
mailenable mailenable_professional 1.102 cpe:2.3:a:mailenable:mailenable_professional:1.102:*:*:*:*:*:*:*
mailenable mailenable_professional 1.103 cpe:2.3:a:mailenable:mailenable_professional:1.103:*:*:*:*:*:*:*
mailenable mailenable_professional 1.104 cpe:2.3:a:mailenable:mailenable_professional:1.104:*:*:*:*:*:*:*
mailenable mailenable_professional 1.105 cpe:2.3:a:mailenable:mailenable_professional:1.105:*:*:*:*:*:*:*
mailenable mailenable_professional 1.106 cpe:2.3:a:mailenable:mailenable_professional:1.106:*:*:*:*:*:*:*
mailenable mailenable_professional 1.107 cpe:2.3:a:mailenable:mailenable_professional:1.107:*:*:*:*:*:*:*
mailenable mailenable_professional 1.108 cpe:2.3:a:mailenable:mailenable_professional:1.108:*:*:*:*:*:*:*
mailenable mailenable_professional 1.109 cpe:2.3:a:mailenable:mailenable_professional:1.109:*:*:*:*:*:*:*
mailenable mailenable_professional 1.110 cpe:2.3:a:mailenable:mailenable_professional:1.110:*:*:*:*:*:*:*
mailenable mailenable_professional 1.111 cpe:2.3:a:mailenable:mailenable_professional:1.111:*:*:*:*:*:*:*
mailenable mailenable_professional 1.112 cpe:2.3:a:mailenable:mailenable_professional:1.112:*:*:*:*:*:*:*
mailenable mailenable_professional 1.113 cpe:2.3:a:mailenable:mailenable_professional:1.113:*:*:*:*:*:*:*
mailenable mailenable_professional 1.114 cpe:2.3:a:mailenable:mailenable_professional:1.114:*:*:*:*:*:*:*
mailenable mailenable_professional 1.115 cpe:2.3:a:mailenable:mailenable_professional:1.115:*:*:*:*:*:*:*
mailenable mailenable_professional 1.116 cpe:2.3:a:mailenable:mailenable_professional:1.116:*:*:*:*:*:*:*
mailenable mailenable_professional 1.610 cpe:2.3:a:mailenable:mailenable_professional:1.610:*:*:*:*:*:*:*
mailenable mailenable_professional 1.701 cpe:2.3:a:mailenable:mailenable_professional:1.701:*:*:*:*:*:*:*
mailenable mailenable_professional 1.702 cpe:2.3:a:mailenable:mailenable_professional:1.702:*:*:*:*:*:*:*
mailenable mailenable_professional 1.703 cpe:2.3:a:mailenable:mailenable_professional:1.703:*:*:*:*:*:*:*
mailenable mailenable_professional 1.704 cpe:2.3:a:mailenable:mailenable_professional:1.704:*:*:*:*:*:*:*
mailenable mailenable_professional 1.5015 cpe:2.3:a:mailenable:mailenable_professional:1.5015:*:*:*:*:*:*:*
mailenable mailenable_professional 1.5016 cpe:2.3:a:mailenable:mailenable_professional:1.5016:*:*:*:*:*:*:*
mailenable mailenable_professional 1.5017 cpe:2.3:a:mailenable:mailenable_professional:1.5017:*:*:*:*:*:*:*
mailenable mailenable_professional 1.5018 cpe:2.3:a:mailenable:mailenable_professional:1.5018:*:*:*:*:*:*:*

References for CVE-2006-3277

cvelogic Threat Intelligence