Lucene search

MitreCVE-2004-0259

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0259

2004-11-2305:00:00

mitre

web.nvd.nist.gov

cve-2004-0259

formmail.php

xss

access restrictions

http referer

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue.

Affected configurations

Nvd

Node

joe_lumbroso_acksformmail.phpMatch2.0

joe_lumbroso_acksformmail.phpMatch5.0

VendorProductVersionCPE
joe_lumbroso_acksformmail.php2.0cpe:2.3:a:joe_lumbroso_acks:formmail.php:2.0:*:*:*:*:*:*:*
joe_lumbroso_acksformmail.php5.0cpe:2.3:a:joe_lumbroso_acks:formmail.php:5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
joe_lumbroso_acks	formmail.php	2.0	cpe:2.3:a:joe_lumbroso_acks:formmail.php:2.0:::::::*
joe_lumbroso_acks	formmail.php	5.0	cpe:2.3:a:joe_lumbroso_acks:formmail.php:5.0:::::::*

References

marc.info/?l=bugtraq&m=107619109629629&w=2

www.securityfocus.com/bid/9591

exchange.xforce.ibmcloud.com/vulnerabilities/15079

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

Related for CVE-2004-0259