CRLF Injection Vulnerability in cgiemail by hardsystems
CVE-2002-1575
Currently unrated
What is CVE-2002-1575?
The cgiemail product from hardsystems is susceptible to CRLF injection, which lets attackers use it as a spam proxy. By placing encoded newline (%0a) characters in certain parameters, such as 'required-subject', attackers can inject new lines into the email headers and change the CC, BCC, and other fields of the generated email messages. This vulnerability poses significant risks to email integrity and can lead to unauthorized email distribution.
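The header-side defence against this class of bug is to decode the form value first and then refuse any control character before it reaches a header line. The sketch below is an added example, not cgiemail's own code or its fix; the function names and sample values are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(int c)
{
    if (isdigit(c)) return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode a form value that will be written into a mail header.
 * Returns 0 on success, -1 if the input is malformed, does not fit in out,
 * or the DECODED value holds CR, LF or any other control character.
 * The check runs after decoding, so "%0a" is caught as well as a raw LF. */
int decode_header_value(const char *in, char *out, size_t outlen)
{
    size_t n = 0;
    if (outlen == 0) return -1;
    while (*in) {
        int c = (unsigned char)*in++;
        if (c == '+') {
            c = ' ';
        } else if (c == '%') {
            int hi = hex_val((unsigned char)in[0]);
            int lo = hi < 0 ? -1 : hex_val((unsigned char)in[1]);
            if (lo < 0) return -1;          /* truncated or non-hex escape */
            c = hi * 16 + lo;
            in += 2;
        }
        if (c < 0x20 || c == 0x7f) return -1;  /* CR, LF, NUL, TAB, DEL */
        if (n + 1 >= outlen) return -1;        /* no silent truncation */
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample values for the subject field. */
    const char *samples[] = { "Order+status", "Hi%0aBcc:%20a@example.invalid" };
    char buf[128];
    for (int i = 0; i < 2; i++)
        printf("%-32s -> %s\n", samples[i],
               decode_header_value(samples[i], buf, sizeof buf) ? "rejected" : buf);
    return 0;
}
```

Rejecting the request outright, rather than stripping the newline and continuing, keeps a partially attacker-controlled value from ever being mailed.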
