CVE-2006-0630 - Unspecified vulnerability in Ritlabs the BAT
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

Summary
RITLabs The Bat! before 3.0.0.15 displays certain important headers from encapsulated data in message/partial MIME messages, instead of the real headers, which is in violation of RFC2046 header merging rules and allows remote attackers to spoof the origin of e-mail by sending a fragmented message, as demonstrated using spoofed Received: and Message-ID: headers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041973.html
- http://secunia.com/advisories/18713
- http://www.security.nnov.ru/advisories/thebatspoof.asp
- http://www.securityfocus.com/archive/1/424129/100/0/threaded
- http://www.securityfocus.com/bid/16515
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24535
- https://www.ritlabs.com/bt/bug_view_advanced_page.php?bug_id=0003029