Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2004-0259
Last Modified: 05 Sep 2008 04:37:57
Published: 23 Nov 2004 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2004-0259

Summary

The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue.

Vulnerable Systems

Application

  • Joe Lumbroso Acks Formmail.php 2.0

  • Joe Lumbroso Acks Formmail.php 5.0


References

XF - jack-formmail-file-upload(15079)

BID - 9591

BUGTRAQ - 20040206 formmail (PHP) Upload file using CSS


Last Updated: 27 May 2016 10:38:32