[Japanese]

JVNDB-2006-000624

CGI RESCUE WebFORM allows unauthorized email transmission

Overview

WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.

According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.
CVSS Severity (What is CVSS?)

Base Metrics: 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial

Affected Products


CGI RESCUE
  • FORM2MAIL v1.21 and earlier

Impact

A remote attacker may send emails to arbitrary addresses.
Solution

Vendor Information

CGI RESCUE
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2006-2944
References

  1. JVN : JVN#39570254
  2. National Vulnerability Database (NVD) : CVE-2006-2944
  3. Secunia Advisory : SA20515
  4. SecurityFocus : 18434
  5. FrSIRT Advisories : FrSIRT/ADV-2006-2234
Revision History

[2008/05/21]
  Web page published

Date Public2006/06/09
Date First Published2008/05/21
Date Last Updated2008/05/21