QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2002-1575

Back to search

CVE-2002-1575

Published: Feb 11, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.

VendorProductVersions

n/a

n/a

affected
n/a

References

cgiemail-open-mail-relay(9361)
vdb-entry
x_refsource_XF
5013
vdb-entry
x_refsource_BID
20031003 patch for vulnerability in cgiemail
mailing-list
x_refsource_BUGTRAQ
20020614 Another cgiemail bug
mailing-list
x_refsource_BUGTRAQ
DSA-437
vendor-advisory
x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now