Vulnerability Description
The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joe Lumbroso Acks | Formmail.Php | 2.0 |
References
- http://marc.info/?l=bugtraq&m=107619109629629&w=2
- http://www.securityfocus.com/bid/9591 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15079
FAQ
What is CVE-2004-0259?
CVE-2004-0259 is a vulnerability with a CVSS score of 9.3 (HIGH). The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the sam...
How severe is CVE-2004-0259?
CVE-2004-0259 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-0259?
Check the references section above for vendor advisories and patch information. Affected products include: Joe Lumbroso Acks Formmail.Php.