NVD

Id
48745  
Name
CVE-2009-1469  
Description
CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user"s correct credentials, and requests that the user compose a reply that includes this message.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-07  
Published
2009-05-05  
Modified Date
2009-05-16  
Seq
2009-1469  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
246262 48745 CVE-2009-1469 http://www.redteam-pentesting.de/advisories/rt-sa-2009-004  View
246263 48745 CVE-2009-1469 20090505 [RT-SA-2009-004] IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content  View
246264 48745 CVE-2009-1469 34827  View
246265 48745 CVE-2009-1469 1022166  View
246266 48745 CVE-2009-1469 ADV-2009-1253  View
246267 48745 CVE-2009-1469 merak-forgot-password-header-injection(50332)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
43609 JVNDB-2009-004616 IceWarp の eMail Server などの Forgot Password 実装における CRLF インジェクションの脆弱性 IceWarp の eMail Server および WebMail Server の server/webmail.php の Forgot Password 実装には、CRLF インジェクションの脆弱性が存在します。 CVE-2009-1469 38900 CVE-2009-1469 48745 4.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004616.html 2009-05-05 2012-09-25 View