Lucene search

[email protected]CVE-2003-0979

HistoryJan 05, 2004 - 5:00 a.m.

CVE-2003-0979

2004-01-0505:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

freescripts

visitorbook

visitorbook.pl

input validation

line breaks

open mail relay

guestbook database

security vulnerability

cve-2003-0979

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.1%

JSON

FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable.

CPENameOperatorVersion
freescripts:visitorbookfreescripts visitorbookeqle

CPE	Name	Operator	Version
freescripts:visitorbook	freescripts visitorbook	eq	le

References

marc.info/?l=bugtraq&m=107107840622493&w=2

www.westpoint.ltd.uk/advisories/wp-03-0001.txt

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.1%

JSON