JVN#28020230 Web Mailer from CGI RESCUE vulnerable to HTTP header injection

2009-04-27T00:00:00
ID JVN:28020230
Type jvn
Reporter Japan Vulnerability Notes
Modified 2009-04-28T00:00:00

Description

## Description

Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability.

## Impact

Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response splitting attacks are also possible as a result.

## Solution

Update the software
Update to the latest version according to the information provided by the vendor.

## Products Affected

  • WEB Mailer v1.03 and earlier