CVE-2006-0630 - Unspecified vulnerability in Ritlabs the BAT
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
RITLabs The Bat! before 3.0.0.15 displays certain important headers from encapsulated data in message/partial MIME messages, instead of the real headers, which is in violation of RFC2046 header merging rules and allows remote attackers to spoof the origin of e-mail by sending a fragmented message, as demonstrated using spoofed Received: and Message-ID: headers.
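The header merging rules the summary refers to (RFC 2046 section 5.2.2.1), as an added Python example that is not code from The Bat! or from the referenced advisories: it reassembles message/partial fragments and reports the enclosed headers a client must not present as the real ones. The function names and the sample fragments are constructed for illustration.

```python
from email.message import Message
from email.parser import HeaderParser
# RFC 2046 section 5.2.2.1: only Content-* and these fields are taken from the
# enclosed message; all other fields come from the first enclosing fragment.
INNER_FIELDS = {"subject", "message-id", "encrypted", "mime-version"}
def from_inner(name):
    return name.lower().startswith("content-") or name.lower() in INNER_FIELDS

def reassemble(fragments):
    """Return (merged message, enclosed header names that were dropped)."""
    # HeaderParser keeps each body as raw text instead of parsing message/*.
    parts = [HeaderParser().parsestr(f) for f in fragments]
    if ({p.get_content_type() for p in parts} != {"message/partial"}
            or len({p.get_param("id") for p in parts}) != 1):
        raise ValueError("need message/partial fragments sharing one id")
    parts.sort(key=lambda p: int(p.get_param("number")))
    if [int(p.get_param("number")) for p in parts] != list(range(1, len(parts) + 1)):
        raise ValueError("fragment numbers are not 1..n")
    inner = HeaderParser().parsestr("".join(p.get_payload() for p in parts))
    merged, dropped = Message(), []
    for name, value in parts[0].items():   # headers of fragments 2..n are discarded
        if not from_inner(name):
            merged[name] = value
    for name, value in inner.items():
        if from_inner(name):
            merged[name] = value
        else:
            dropped.append(name)           # e.g. an enclosed Received: or From:
    merged.set_payload(inner.get_payload())
    return merged, dropped

# Constructed sample fragments; every host and address here is made up.
FRAG1 = """\
Received: from mx.sender.example by mx.local.example; Mon, 6 Feb 2006 10:00:00 +0000
From: sender@sender.example
Content-Type: message/partial; id="p1@sender.example"; number=1; total=2

Received: from mx.bank.example by mx.local.example; Mon, 6 Feb 2006 09:00:00 +0000
From: support@bank.example
Subject: Account notice
Content-Type: text/plain

First line.
"""
FRAG2 = """\
Content-Type: message/partial; id="p1@sender.example"; number=2; total=2

Second line.
"""
```

A non-empty `dropped` list that contains `Received` or `From` is a useful signal for mail filtering, since those fields in the enclosed data never belong in the displayed message.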
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041973.html
- http://secunia.com/advisories/18713
- http://www.security.nnov.ru/advisories/thebatspoof.asp
- http://www.securityfocus.com/archive/1/424129/100/0/threaded
- http://www.securityfocus.com/bid/16515
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24535
- https://www.ritlabs.com/bt/bug_view_advanced_page.php?bug_id=0003029