Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3473

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3473
Last Modified 07 Mar 2011 09:38:43
Published 10 Jul 2006 04:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3473

Summary

CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than CVE-2006-1225.

Vulnerable Systems

Application

  • Drupal Form Mail Module 1.8.2.1


References

CONFIRM - http://drupal.org/node/72177

VUPEN - ADV-2006-2670

SECUNIA - 20920

XF - drupal-formmail-email-header-injection(27578)

BID - 18833


Last Updated: 27 May 2016 10:43:01