PT-2005-1548 · Unknown · Biz Mail Form

Jason Frisvold

Publicado

2005-02-21

Atualizado

2016-10-18

CVE-2005-0493

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Biz Mail Form versions prior to 2.2

Description The issue allows remote attackers to bypass the email check and send spam email via CRLF sequences and forged mail headers in the email parameter. This is due to a CRLF injection vulnerability in the bizmail.cgi component.

Recommendations For versions prior to 2.2, update to version 2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the bizmail.cgi component to minimize the risk of exploitation. Avoid using the email parameter in the affected component until the issue is resolved.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-0493

Produtos afetados

Biz Mail Form

PT-2005-1548 · Unknown · Biz Mail Form

CVE-2005-0493

Identificadores relacionados

Produtos afetados

Referências · 2