4 matches found
cgiemail and cgiecho Multiple Security Vulnerabilities (CVE-2017-5613)
SEC-212 Format string injection The ability to supply arbitrary format strings to cgiemail and cgiecho allowed code execution whenever a user was able to provide a cgiemail template file. Use CVE-2017-5613. SEC-214 Open redirect The cgiemail and cgiecho binaries served as an open redirect due to...
CVE-2017-5615
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location...
CVE-2017-5615
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location...
CVE-2017-5615
CVE-2017-5615 affects the cgiemail and cgiecho binaries, enabling HTTP header injection by supplying a newline in the redirect location. Public references describe an open redirect and header-injection combination across related CVEs in the same package. The Debian advisory (DLA-869-1) fixes the ...