CVE-ID

CVE-2001-0357

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20010524 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20060526)
Votes (Legacy)
ACCEPT(2) Baker, Frech
NOOP(6) Bishop, Christey, Cole, Foat, Wall, Ziese
REVIEWING(1) Williams
Comments (Legacy)
 Baker> http://www.securityfocus.com/archive/1/168177
   http://www.securityfocus.com/archive/1/168292
   http://www.securityfocus.com/archive/1/168366
   http://www.securityfocus.com/archive/1/168345
   http://www.securityfocus.com/archive/1/168302
   http://www.securityfocus.com/archive/1/168360
   http://www.securityfocus.com/archive/1/168633
   
   I think from the discussion on the Bugtraq list, there is sufficient verfication that this
   is a real problem, and well-known.  There are a couple of work arounds
   described in the posts, so this should be accepted.
 Christey> Fix typo: "paramaters"
 Christey> Fix typo: "paramater"
 Christey> The following references discuss this problem and/or later
   variants of it, up to version 1.9.
   MISC:http://www.softwolves.pp.se/misc/formmail_hall_of_shame
   MISC:http://www.monkeys.com/anti-spam/formmail-advisory.pdf
   MISC:http://www.scriptarchive.com/readme/formmail.html

Proposed (Legacy)
20010727
This is an entry on the CVE list, which standardizes names for security problems.