Summary
The target is running at least one instance of Simple Form that fails to remove newlines from variables used to construct message headers. A remote attacker can exploit this flaw to add to the list of recipients, and so use Simple Form on the target as a proxy for sending abusive mail or spam.
Solution
Upgrade to Simple Form 2.3 or later.
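The flaw described in the Summary, shown as an added example that is not Simple Form's own code: a header builder that concatenates form values as-is, next to one that refuses any value containing a line break. The form field names, addresses and sample submissions are assumptions constructed for illustration, and rejecting the value (rather than silently removing the newline) is a design choice of this example.

```python
# Added illustration; not taken from Simple Form. Field names are assumed.
import re
from email import message_from_string

_LINE_BREAK = re.compile(r"[\r\n]")


class HeaderInjectionError(ValueError):
    """Raised when a form value would break out of its header line."""


def naive_headers(form):
    """Flawed pattern: form values go into the header block unchecked."""
    return "To: {}\r\nSubject: {}\r\n\r\n".format(form["recipient"], form["subject"])


def clean_header_value(field, value):
    """Return the trimmed value, or raise if it contains CR or LF."""
    if _LINE_BREAK.search(value):
        raise HeaderInjectionError("line break in form field %r" % field)
    return value.strip()


def safe_headers(form):
    """Same header block, built only from values that passed the check."""
    to = clean_header_value("recipient", form["recipient"])
    subject = clean_header_value("subject", form["subject"])
    return "To: {}\r\nSubject: {}\r\n\r\n".format(to, subject)


def header_names(raw):
    """Header names a mail parser sees in the generated text."""
    return [name for name, _ in message_from_string(raw).items()]


# Constructed sample submissions (not real traffic).
BENIGN = {"recipient": "webmaster@example.org", "subject": "Site feedback"}
TAMPERED = {"recipient": "webmaster@example.org",
            "subject": "Site feedback\r\nBcc: other@example.net"}

if __name__ == "__main__":
    print("naive, benign  :", header_names(naive_headers(BENIGN)))
    print("naive, tampered:", header_names(naive_headers(TAMPERED)))
    print("safe,  benign  :", header_names(safe_headers(BENIGN)))
    try:
        safe_headers(TAMPERED)
    except HeaderInjectionError as exc:
        print("safe,  tampered: rejected,", exc)
```

A rejected submission is also worth logging, since a line break in a single-line form field is a reliable sign that the form is being probed for mail relaying.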
References
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Ampache Reflected Cross Site Scripting Vulnerability
- Apache Archiva Cross Site Request Forgery Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Apache Struts Directory Traversal Vulnerability