JVNDB-2009-000021

MiniBBS22 from CGI RESCUE allows unauthorized email transmission

Overview

MiniBBS22 from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration.

MiniBBS22 is a message board script provided by CGI RESCUE.

This vulnerability has been fixed and an updated version was released on December 13, 2008.

CVSS Severity

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

CGI RESCUE
  • MiniBBS22 v.1.00

Impact

A remote attacker may send any email to an arbitrary address.

Solution

[Update the software]
Update to the latest version according to the information provided by the vendor.

Vendor Information

CGI RESCUE

CWE

  1. Improper Input Validation (CWE-20) [IPA Evaluation]

CVE

  1. CVE-2009-1589

References

  1. JVN : JVN#36982346
  2. National Vulnerability Database (NVD) : CVE-2009-1589
  3. JVN iPedia (Japanese) : JVNDB-2009-000021

Revision History

  • [2009/04/28]
      Web page published