Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1575

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1575
Last Modified 05 Sep 2008 04:30:58
Published 03 Mar 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1575

Summary

cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.

Vulnerable Systems

Application

  • Mit Cgiemail 1.6


References

BID - 5013

DEBIAN - DSA-437

XF - cgiemail-open-mail-relay(9361)

BUGTRAQ - 20020614 Another cgiemail bug

BUGTRAQ - 20031003 patch for vulnerability in cgiemail


Last Updated: 27 May 2016 10:37:24