ID CVE-2006-0630
Summary RITLabs The Bat! before 3.0.0.15 displays certain important headers from encapsulated data in message/partial MIME messages, instead of the real headers, which is in violation of RFC2046 header merging rules and allows remote attackers to spoof the origin of e-mail by sending a fragmented message, as demonstrated using spoofed Received: and Message-ID: headers.
References
Vulnerable Configurations
  • cpe:2.3:a:ritlabs:the_bat:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ritlabs:the_bat:3.0.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ritlabs:the_bat:3.0.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ritlabs:the_bat:3.0.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ritlabs:the_bat:3.0.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:ritlabs:the_bat:3.0.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:ritlabs:the_bat:3.0.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:ritlabs:the_bat:3.0.0.14:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 16515
bugtraq 20060206 SECURITY.NNOV: The Bat! 2.x message headers spoofing
confirm https://www.ritlabs.com/bt/bug_view_advanced_page.php?bug_id=0003029
fulldisc 20060206 SECURITY.NNOV: The Bat! 2.x message headers spoofing
misc http://www.security.nnov.ru/advisories/thebatspoof.asp
secunia 18713
xf thebat-message-header-spoofing(24535)
Last major update 19-10-2018 - 15:45
Published 10-02-2006 - 11:02
Last modified 19-10-2018 - 15:45