Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2002-0490
Last Modified: 05 Sep 2008 04:28:09
Published: 12 Aug 2002 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-0490

Summary

Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.

Vulnerable Systems

Application

  • Instant Web Mail 0.55
  • Instant Web Mail 0.56
  • Instant Web Mail 0.57
  • Instant Web Mail 0.58
  • Instant Web Mail 0.59


References

BID - 4361

XF - instant-webmail-pop-commands(8650)

BUGTRAQ - 20020323 Instant Web Mail additional POP3 commands and mail headers

CONFIRM - http://instantwebmail.sourceforge.net/#changeLog


Last Updated: 27 May 2016 10:36:56