10
CVE-2002-0490
- EPSS 2.75%
- Veröffentlicht 12.08.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:57:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginInstant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Instant Web Mail ≫ Instant Web Mail Version0.55
Instant Web Mail ≫ Instant Web Mail Version0.56
Instant Web Mail ≫ Instant Web Mail Version0.57
Instant Web Mail ≫ Instant Web Mail Version0.58
Instant Web Mail ≫ Instant Web Mail Version0.59
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.75% | 0.843 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
http://instantwebmail.sourceforge.net/#changeLog
http://www.iss.net/security_center/static/8650.php
http://www.securityfocus.com/archive/1/264041
http://www.securityfocus.com/bid/4361