|
[Japanese]
|
JVNDB-2007-000226
|
BASP21 vulnerable to mail header injection
|
|
BASP21 provided by B21Soft, Inc. is a component for Windows applications. BASP21 contains a mail header injection vulnerability.
Tomoki Sanaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 4.8 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: Low
CVSS V2 Severity:
Base Metrics 5.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
B21Soft
- BASP21 Bsendm.exe prior to V2,7,5,31
- BASP21 Bsmtp.dll prior to V2,7,5,31
- BASP21 Pro basp21p.dll versions prior to 1,0,704,16
|
|
|
The header of an email created by BASP21 to be sent from a web application mail form may be altered by an unauthenticated remote attacker. As a result, an unintended email may be sent or a denial-of-service (DoS) condition may be caused.
|
|
[Update the Software]
Update to the latest version according to the information provided by the developer.
|
|
B21Soft
|
|
- Improper Input Validation(CWE-20) [IPA Evaluation]
|
|
- CVE-2007-1713
|
|
- JVN : JVN#86092776
- JVN : JVN#70380788
- National Vulnerability Database (NVD) : CVE-2007-1713
- IPA SECURITY ALERTS : Security Alert for Vulnerability in BASP21 (JVN#86092776) (in Japanese)
- Secunia Advisory : SA24652
- SecurityFocus : 23134
- ISS X-Force Database : 33211
- FrSIRT Advisories : FrSIRT/ADV-2007-1113
|
|
- [2008/05/21]
Web page published
[2016/10/13]
Title was modified
Overview was modified
CVSS Severity was modified
Affected Products were modified
Impact was modified
Solution was modified
CWE : CWE-ID was added
References : Contents were added
|
