ID BIZMAIL_CGI_XSS.NASL Type nessus Reporter This script is Copyright (C) 2005-2021 Tenable Network Security, Inc. Modified 2021-01-19T00:00:00
Description
The remote web server is hosting the CGI bizmail.cgi, a CGI script for sending the content of web forms to email addresses.
The remote version of this software fails to sanitize the 'email' parameter to the 'bizmail.cgi' script of CRLF sequences. An unauthenticated, remote attacker may be able to leverage this issue to send spam or other sorts of abusive mail through the affected host.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if(description)
{
script_id(17193);
script_version("1.18");
script_cve_id("CVE-2005-0493");
script_bugtraq_id(12620);
script_name(english:"BizMail bizmail.cgi Arbitrary Mail Relay");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a CGI script that allows unauthorized
mail relaying." );
script_set_attribute(attribute:"description", value:
"The remote web server is hosting the CGI bizmail.cgi, a CGI script for
sending the content of web forms to email addresses.
The remote version of this software fails to sanitize the 'email'
parameter to the 'bizmail.cgi' script of CRLF sequences. An
unauthenticated, remote attacker may be able to leverage this issue to
send spam or other sorts of abusive mail through the affected host." );
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Feb/362" );
script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/advisories/14351/" );
script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"plugin_publication_date", value: "2005/02/22");
script_set_attribute(attribute:"vuln_publication_date", value: "2005/02/18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_summary(english:"Checks the version of bizmail.cgi");
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_family(english:"CGI abuses");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_dependencie("http_version.nasl");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80);
foreach dir ( cgi_dirs() )
{
r = http_send_recv3(method:"GET", item: dir + "/bizmail.cgi", port:port);
res = strcat(r[0], r[1], '\r\n', r[2]);
if ( "Biz Mail Form " >< res )
{
if ( egrep(pattern:"Biz Mail Form.* ([01]\.|2\.[02] )", string:res) )
{
security_warning( port);
exit(0);
}
}
}
{"id": "BIZMAIL_CGI_XSS.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "BizMail bizmail.cgi Arbitrary Mail Relay", "description": "The remote web server is hosting the CGI bizmail.cgi, a CGI script for sending the content of web forms to email addresses. \n\nThe remote version of this software fails to sanitize the 'email' parameter to the 'bizmail.cgi' script of CRLF sequences. An unauthenticated, remote attacker may be able to leverage this issue to send spam or other sorts of abusive mail through the affected host.", "published": "2005-02-22T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/17193", "reporter": "This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0493", "https://seclists.org/bugtraq/2005/Feb/362", "https://secuniaresearch.flexerasoftware.com/advisories/14351/"], "cvelist": ["CVE-2005-0493"], "immutableFields": [], "lastseen": "2021-08-19T13:18:00", "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0493"]}], "rev": 4}, "score": {"value": 5.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2005-0493"]}, {"type": "nessus", "idList": ["HTTP_VERSION.NASL"]}]}, "exploitation": null, "vulnersScore": 5.5}, "pluginID": "17193", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(17193);\n script_version(\"1.18\");\n\n script_cve_id(\"CVE-2005-0493\");\n script_bugtraq_id(12620);\n \n script_name(english:\"BizMail bizmail.cgi Arbitrary Mail Relay\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a CGI script that allows unauthorized\nmail relaying.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote web server is hosting the CGI bizmail.cgi, a CGI script for\nsending the content of web forms to email addresses. \n\nThe remote version of this software fails to sanitize the 'email'\nparameter to the 'bizmail.cgi' script of CRLF sequences. An\nunauthenticated, remote attacker may be able to leverage this issue to\nsend spam or other sorts of abusive mail through the affected host.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2005/Feb/362\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://secuniaresearch.flexerasoftware.com/advisories/14351/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Unknown at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/02/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n script_summary(english:\"Checks the version of bizmail.cgi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_dependencie(\"http_version.nasl\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\n\nforeach dir ( cgi_dirs() )\n{\n r = http_send_recv3(method:\"GET\", item: dir + \"/bizmail.cgi\", port:port);\n res = strcat(r[0], r[1], '\\r\\n', r[2]);\n if ( \"Biz Mail Form \" >< res )\n {\n if ( egrep(pattern:\"Biz Mail Form.* ([01]\\.|2\\.[02] )\", string:res) )\n\t{\n\tsecurity_warning( port);\n\texit(0);\n\t}\n }\n}\n", "naslFamily": "CGI abuses", "cpe": [], "solution": "Unknown at this time.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "2.5"}, "exploitAvailable": true, "exploitEase": "No exploit is required", "patchPublicationDate": null, "vulnerabilityPublicationDate": "2005-02-18T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"cve": [{"lastseen": "2022-03-23T11:36:48", "description": "CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter.", "cvss3": {}, "published": "2005-05-02T04:00:00", "type": "cve", "title": "CVE-2005-0493", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0493"], "modified": "2016-10-18T03:12:00", "cpe": ["cpe:/a:seth_m._knorr:biz_mail_form:2.1"], "id": "CVE-2005-0493", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0493", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:seth_m._knorr:biz_mail_form:2.1:*:*:*:*:*:*:*"]}]}
