Published:2005/11/11  Last Updated:2008/05/21

JVN#25106961
Kent Web PostMail vulnerable to third party mail relay

Overview

Kent Web PostMail, form mail software that enables sending email from web pages, contains a vulnerability which may allow the third party to relay mail as it does not properly check input.

Products Affected

  • Kent Web PostMail 3.2 and earlier

Description

Impact

An attacker could possibly compromise the mail server to send an unsolicited email.

Solution

Vendor Status

References

JPCERT/CC Addendum

Credit

Akihiro Sagawa of WIDE Project Antispam Working Group reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2005-000794

Update History