CVE

CVE-2007-1713

Date: (C)2007-03-27   (M)2023-12-22

CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE

Reference:

BID-23134

SECUNIA-24652

OSVDB-34495

ADV-2007-1113

JVN#86092776

basp21-bsmtp-mail-relay(33211)

http://www.hi-ho.ne.jp/babaq/basp21.html