[Japanese]

JVNDB-2006-000605

Hyper NIKKI System allows unauthorized email submission

Overview

Hyper NIKKI System (hns) is web log software from the Hyper NIKKI System Project. hns allows unauthorized email submission as it does not validate inputs properly.
CVSS Severity (What is CVSS?)

Base Metrics: 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


HyperNikkiSystem Project
  • hns 2.19.6 (hns-lite-2.19.6) and earlier

Impact

An attacker could use the server to send unauthorized emails. In addition, when the server provides email service, the attacker could possibly conduct a DoS attack by generating many bounced emails.
Solution

On March 8 2006, the vendor announced that a problem exists in make-rurimap.cgi of hns-2.19.7 and released hns-2.19.8. For more information, refer to the vendor's website.
Vendor Information

HyperNikkiSystem Project
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#65542239
Revision History

[2008/05/21]
  Web page published

Date Public2006/02/28
Date First Published2008/05/21
Date Last Updated2008/05/21