[Japanese]

JVNDB-2009-000023

FORM2MAIL from CGI RESCUE allows unauthorized email transmission

Overview

FORM2MAIL from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration.

FORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration.

This vulnerability has been fixed and an updated version was released on December 13, 2008.
CVSS Severity (What is CVSS?)

Base Metrics: 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


CGI RESCUE
  • FORM2MAIL v.1.41 and earlier

Impact

A remote attacker may send emails to arbitrary addresses.
Solution

[Update the software]
Update to the latest version according to the information provided by the vendor.
Vendor Information

CGI RESCUE
CWE (What is CWE?)

  1. Improper Input Validation(CWE-20) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2009-1590
References

  1. JVN : JVN#76370393
  2. National Vulnerability Database (NVD) : CVE-2009-1590
  3. Secunia Advisory : SA34869
  4. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 54097
  5. JVN iPedia (Japanese) : JVNDB-2009-000023
Revision History

[2009/04/28]
  Web page published