[Japanese]

JVNDB-2006-000625

CGI RESCUE WebFORM allows unauthorized email transmission

Overview

WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.

According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


CGI RESCUE
  • WebFORM 4.1 and earlier

Impact

A remote attacker may send emails to arbitrary addresses.
Solution

Vendor Information

CGI RESCUE
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2006-2943
References

  1. JVN : JVN#39570254
  2. National Vulnerability Database (NVD) : CVE-2006-2943
  3. Secunia Advisory : SA20515
  4. SecurityFocus : 18434
  5. FrSIRT Advisories : FrSIRT/ADV-2006-2234
Revision History

  • [2008/05/21]
      Web page published

Date Public2006/06/09
Date First Published2008/05/21
Date Last Updated2008/05/21