Vulnerabilities > CVE-2006-0631 - Remote Security vulnerability in Mailback

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

erik-c-thauvin

NVD

Published: 2006-02-10

Updated: 2017-07-20

Summary

CRLF injection vulnerability in mailback.pl in Erik C. Thauvin mailback allows remote attackers to use mailback as a "spam proxy" by modifying mail headers, including recipient e-mail addresses, via newline characters in the Subject field.

Vulnerable Configurations

Part	Description	Count
Application	Erik_C._Thauvin Erik C. Thauvin Mailback *	1

References

http://seclists.org/lists/bugtraq/2006/Feb/0094.html
http://seclists.org/lists/bugtraq/2006/Feb/0154.html
http://secunia.com/advisories/18748
http://vc.thauvin.net/cvs/cgi/mailback/mailback.pl?view=log
http://www.osvdb.org/22955
http://www.vupen.com/english/advisories/2006/0459
https://exchange.xforce.ibmcloud.com/vulnerabilities/24540