JVNDB-2009-000024

Web Mailer from CGI RESCUE vulnerable to HTTP header injection

Overview

Web Mailer from CGI RESCUE contains an HTTP header injection vulnerability.

Web Mailer from CGI RESCUE is software that sends the contents entered into an HTML form as email.

This vulnerability has been fixed and an updated version was released on February 9, 2009.

CVSS Severity

Base Metrics: 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial

Affected Products


CGI RESCUE
  • WEB Mailer v1.03 and earlier

Impact

Falsified information may be displayed, or an arbitrary script may be executed, in the user's web browser. HTTP response splitting attacks are also possible as a result.

Solution

[Update the software]
Update to the latest version according to the information provided by the vendor.

Vendor Information

CGI RESCUE

CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]

CVE

  1. CVE-2009-1591

References

  1. JVN: JVN#28020230
  2. National Vulnerability Database (NVD): CVE-2009-1591
  3. Secunia Advisory: SA34862
  4. JVN iPedia (Japanese): JVNDB-2009-000024

Revision History

[2009/04/28]
  Web page published