CVE-2008-1854

SmarterMail 5.0.2999 - Denial of Service via Long HTTP Request

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1854. PoCs published by ryujin.

AI-analyzed exploit summary: This exploit triggers a denial-of-service (DoS) in SmarterTools SmarterMail 5.0 by sending a malformed TRACE request with an oversized payload (8784 'A' characters). The server crashes upon connection reset, causing service disruption.

Description

Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ryujin · python · dos · windows
https://www.exploit-db.com/exploits/31607

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: SmarterTools SmarterMail 5.0 (tested on 5.0.2999)
No auth needed
Prerequisites: Network access to the target server · SmarterMail 5.0 web server running
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29732
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41710
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28610

Scores

EPSS 0.0265
EPSS Percentile 83.7%

Details

Status published
Products (1)
smartertools/smartermail 5.0.2999
Published Apr 16, 2008
Tracked Since Feb 18, 2026