Vulnerability Details : CVE-2006-0631
Potential exploit
CRLF injection vulnerability in mailback.pl in Erik C. Thauvin mailback allows remote attackers to use mailback as a "spam proxy" by modifying mail headers, including recipient e-mail addresses, via newline characters in the Subject field.
Products affected by CVE-2006-0631
- cpe:2.3:a:erik_c._thauvin:mailback:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0631
0.70%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0631
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2006-0631
-
http://seclists.org/lists/bugtraq/2006/Feb/0154.html
Bugtraq: Re: mailback script exploitExploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/24540
-
http://www.osvdb.org/22955
Patch
-
http://seclists.org/lists/bugtraq/2006/Feb/0094.html
-
http://secunia.com/advisories/18748
Patch;Vendor Advisory
-
http://vc.thauvin.net/cvs/cgi/mailback/mailback.pl?view=log
-
http://www.vupen.com/english/advisories/2006/0459
Jump to