[Japanese]

JVNDB-2007-000085

CGI RESCUE WebFORM vulnerable to HTTP header injection

Overview

WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


CGI RESCUE
  • WebFORM 4.3 and earlier

Impact

Falsified information may be displayed or an arbitrary script may be executed on the user's web browser.
Solution

Vendor Information

CGI RESCUE
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#05088443
Revision History

  • [2008/05/21]
      Web page published