ByteOS Network

Vulnerability Details :

CVE-2002-2109

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-05 Aug, 2005 | 04:00

Updated At-17 Sep, 2024 | 03:28

Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:05 Aug, 2005 | 04:00

Updated At:17 Sep, 2024 | 03:28

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.securityfocus.com/bid/3954	vdb-entry x_refsource_BID
http://www.iss.net/security_center/static/8012.php	vdb-entry x_refsource_XF
http://worldwidemart.com/scripts/formmail.shtml	x_refsource_CONFIRM
http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html	mailing-list x_refsource_BUGTRAQ

Hyperlink: http://www.securityfocus.com/bid/3954

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.iss.net/security_center/static/8012.php

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://worldwidemart.com/scripts/formmail.shtml

Resource:

x_refsource_CONFIRM

Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html

Resource:

mailing-list

x_refsource_BUGTRAQ

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securityfocus.com/bid/3954	vdb-entry x_refsource_BID x_transferred
http://www.iss.net/security_center/static/8012.php	vdb-entry x_refsource_XF x_transferred
http://worldwidemart.com/scripts/formmail.shtml	x_refsource_CONFIRM x_transferred
http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html	mailing-list x_refsource_BUGTRAQ x_transferred

Hyperlink: http://www.securityfocus.com/bid/3954

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.iss.net/security_center/static/8012.php

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://worldwidemart.com/scripts/formmail.shtml

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:31 Dec, 2002 | 05:00

Updated At:03 Apr, 2025 | 01:03

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html	cve@mitre.org	Exploit Patch Vendor Advisory
http://worldwidemart.com/scripts/formmail.shtml	cve@mitre.org	Vendor Advisory
http://www.iss.net/security_center/static/8012.php	cve@mitre.org	N/A
http://www.securityfocus.com/bid/3954	cve@mitre.org	N/A
http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html	af854a3a-2127-422b-91ae-364da2661108	Exploit Patch Vendor Advisory
http://worldwidemart.com/scripts/formmail.shtml	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.iss.net/security_center/static/8012.php	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/3954	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html

Source: cve@mitre.org

Resource:

Exploit

Patch

Vendor Advisory

Hyperlink: http://worldwidemart.com/scripts/formmail.shtml

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www.iss.net/security_center/static/8012.php

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/3954

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Exploit

Patch

Vendor Advisory

Hyperlink: http://worldwidemart.com/scripts/formmail.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: http://www.iss.net/security_center/static/8012.php

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/3954

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

5Records found

CVE-2001-0937

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.90% / 75.35%

7 Day CHG~0.00%

Published-02 Feb, 2002 | 05:00

Updated-03 Apr, 2025 | 01:03

PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters.

Vendor-matt_wright n/a

Product-pgpmail.pl n/a

CVE-2001-0357

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.64% / 70.01%

7 Day CHG~0.00%

Published-27 Jul, 2001 | 04:00

Updated-03 Apr, 2025 | 01:03

FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.

Vendor-matt_wright n/a

Product-formmail n/a

CVE-1999-1053

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-90.68% / 99.60%

7 Day CHG~0.00%

Published-12 Sep, 2001 | 04:00

Updated-03 Apr, 2025 | 01:03

guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

Vendor-matt_wright n/a The Apache Software Foundation

Product-matt_wright_guestbook http_server n/a

CVE-1999-0954

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.49% / 65.03%

7 Day CHG~0.00%

Published-13 Oct, 2000 | 04:00