Vulnerability Description
CRLF injection vulnerability in mailback.pl in Erik C. Thauvin mailback allows remote attackers to use mailback as a "spam proxy" by modifying mail headers, including recipient e-mail addresses, via newline characters in the Subject field.
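The class of flaw described above, shown as an added Perl example that is not code from mailback.pl or its author: a raw form value interpolated into a header block gains an extra header line when it carries CRLF, while a validation step rejects it. The helper names, the addresses, the 200-character cap and the sample subjects are all assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper, not taken from mailback.pl: accept a form value for use
# on a single mail header line, or return undef if it could break out of it.
sub header_value_or_undef {
    my ($value) = @_;
    return unless defined $value && length $value;
    # CR, LF and other control characters never belong in an unfolded header.
    return if $value =~ /[\x00-\x1F\x7F]/;
    # Assumed cap for a subject; RFC 5322 limits any line to 998 characters.
    return if length($value) > 200;
    return $value;
}

# Count header lines the way a mail transport would split them.
sub header_line_count {
    my ($header_block) = @_;
    my @lines = split /\r?\n/, $header_block;
    return scalar @lines;
}

# Constructed sample inputs: one ordinary subject, and one carrying an
# embedded CRLF followed by an extra recipient header.
my @subjects = (
    "Question about your page",
    "Hello\r\nBcc: third-party\@example.invalid",
);

for my $subject (@subjects) {
    # Unsafe pattern: the raw form value is interpolated into the headers.
    my $naive = "To: owner\@example.invalid\r\nSubject: $subject\r\n";
    printf "naive build: %d header lines (a clean message has 2)\n",
        header_line_count($naive);

    # Hardened pattern: validate first and refuse the request on failure.
    my $checked = header_value_or_undef($subject);
    if (defined $checked) {
        print "accepted: Subject: $checked\n";
    } else {
        print "rejected: subject contains control characters\n";
    }
}
```

Rejecting the request is preferable to silently stripping the newline, because the rejection can be logged and reviewed as an abuse attempt.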
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Erik C. Thauvin | Mailback | All versions |
References
- http://seclists.org/lists/bugtraq/2006/Feb/0094.html
- http://seclists.org/lists/bugtraq/2006/Feb/0154.html (Exploit)
- http://secunia.com/advisories/18748 (Patch, Vendor Advisory)
- http://vc.thauvin.net/cvs/cgi/mailback/mailback.pl?view=log
- http://www.osvdb.org/22955 (Patch)
- http://www.vupen.com/english/advisories/2006/0459
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24540
FAQ
What is CVE-2006-0631?
CVE-2006-0631 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CRLF injection vulnerability in mailback.pl in Erik C. Thauvin mailback allows remote attackers to use mailback as a "spam proxy" by modifying mail headers, including recipient e-mail addresses, via n...
How severe is CVE-2006-0631?
CVE-2006-0631 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0631?
Check the references section above for vendor advisories and patch information. Affected products include: Erik C. Thauvin Mailback.