[Japanese]

JVNDB-2007-000087

CGI RESCUE WebFORM missing mail content vulnerability

Overview

WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


CGI RESCUE
  • WebFORM 4.3 and earlier

Impact

Some part of the sender information in the message may be lost.
Solution

Vendor Information

CGI RESCUE
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#24879092
Revision History

  • [2008/05/21]
      Web page published