Published:2005/11/11 Last Updated:2008/05/21
JVN#25106961
Kent Web PostMail vulnerable to third party mail relay
Overview
Kent Web PostMail, form mail software that enables sending email from web pages, contains a vulnerability which may allow the third party to relay mail as it does not properly check input.
Products Affected
- Kent Web PostMail 3.2 and earlier
Description
Impact
An attacker could possibly compromise the mail server to send an unsolicited email.
Solution
Vendor Status
| Vendor | Link |
| Kent Web |
http://www.kent-web.com/data/postmail.html |
References
JPCERT/CC Addendum
Credit
Akihiro Sagawa of WIDE Project Antispam Working Group reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2005-000794 |