Vulnerabilities > CVE-2006-4344 - Email Header Injection vulnerability in Cgi-Rescue Mail F W System 8.3

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

cgi-rescue

NVD

Published: 2006-08-24

Updated: 2011-03-08

Summary

CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.cgi.

Vulnerable Configurations

Part	Description	Count
Application	Cgi-Rescue CGI Rescue Mail F W System 8.3	1

References

http://jvn.jp/jp/JVN%2311048526/index.html
http://secunia.com/advisories/21543
http://www.osvdb.org/28131
http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20060822210549
http://www.securityfocus.com/bid/19676
http://www.vupen.com/english/advisories/2006/3359