Vulnerabilities > CVE-2002-0490 - Unspecified vulnerability in Instant web Mail Instant web Mail

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

instant-web-mail

NVD

Published: 2002-08-12

Updated: 2024-11-20

Summary

Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.

Vulnerable Configurations

Part	Description	Count
Application	Instant_Web_Mail Instant WEB Mail Instant WEB Mail 0.59 Instant WEB Mail Instant WEB Mail 0.56 Instant WEB Mail Instant WEB Mail 0.55 Instant WEB Mail Instant WEB Mail 0.58 Instant WEB Mail Instant WEB Mail 0.57	5

References

http://instantwebmail.sourceforge.net/#changeLog
http://instantwebmail.sourceforge.net/#changeLog
http://www.iss.net/security_center/static/8650.php
http://www.iss.net/security_center/static/8650.php
http://www.securityfocus.com/archive/1/264041
http://www.securityfocus.com/archive/1/264041
http://www.securityfocus.com/bid/4361
http://www.securityfocus.com/bid/4361