FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

typo3 -- email header injection

Affected packages
3.0 < typo3 < 4.0.5
4.1 < typo3 < 4.1.1

Details

VuXML ID 62b8f253-12d9-11dc-a35c-001485ab073e
Discovery 2007-02-21
Entry 2007-06-04

Olivier Dobberkau, Andreas Otto, and Thorsten Kahler report:

An unspecified error in the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not meant for, e.g. sending spam messages.

[source]

References

CVE Name CVE-2007-1081
URL http://secunia.com/advisories/24207/
URL http://typo3.org/teams/security/security-bulletins/typo3-20070221-1/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.