FormMail HTTP_Referer Spoofing...

Published: 2002-01-23
Revised: 2025-04-13

FormMail is a widely used web-based e-mail gateway that e-mails form-based input to a specified user. It is written in Perl and runs on most Linux and Unix variants, as well as on Microsoft Windows operating systems.

FormMail relies on the HTTP_REFERER header to establish the identity of the user. The header is supplied by the client, so it is trivial for a remote attacker to craft their own, and a forged HTTP_REFERER may circumvent the measures FormMail employs to validate the authenticity of the user. A remote attacker may take advantage of this issue to exploit other vulnerabilities, such as manipulating CGI variables to use the FormMail program as an anonymous e-mail relay for spamming or mailbombing. For more information, refer to BugTraq ID 2469, "FormMail Recipient CGI Variable Spamming Vulnerability".
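The following Perl sketch is an added illustration, not FormMail's source: it puts a Referer-based gate next to a server-side recipient allowlist and runs both over three constructed requests. The host names, addresses and the `referer_ok` / `recipient_ok` helpers are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added illustration, not FormMail's code. All hosts and addresses are constructed.
use strict;
use warnings;

my @ALLOWED_REFERER_HOSTS = ('www.example.org');    # hypothetical site
my %ALLOWED_RECIPIENTS    = map { $_ => 1 } ('webmaster@example.org');

# Weak gate: trusts the Referer header, whose value the client chooses.
sub referer_ok {
    my ($env) = @_;
    my $ref = $env->{HTTP_REFERER} // '';
    my ($host) = $ref =~ m{^https?://([^/:]+)}i;
    return 0 unless defined $host;
    return scalar grep { lc $host eq $_ } @ALLOWED_REFERER_HOSTS;
}

# Header-independent gate: the recipient must appear in a list kept on the
# server, so the decision does not depend on anything the request claims.
sub recipient_ok {
    my ($recipient) = @_;
    return 0 unless defined $recipient;
    return 0 if $recipient =~ /[\r\n,]/;    # exactly one address, no line breaks
    return exists $ALLOWED_RECIPIENTS{ lc $recipient } ? 1 : 0;
}

# Constructed requests: [label, CGI environment, submitted recipient]
my @requests = (
    [ 'form on the site',  { HTTP_REFERER => 'http://www.example.org/contact.html' },
      'webmaster@example.org' ],
    [ 'client-set header', { HTTP_REFERER => 'http://www.example.org/contact.html' },
      'someone@elsewhere.example' ],
    [ 'no Referer sent',   {}, 'webmaster@example.org' ],
);

for my $r (@requests) {
    my ( $label, $env, $rcpt ) = @$r;
    printf "%-18s referer_ok=%d recipient_ok=%d\n",
        $label, referer_ok($env), recipient_ok($rcpt);
}
```

The first two requests are indistinguishable to `referer_ok`, while the third shows the same check rejecting a legitimate submission from a client that sends no Referer at all.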

No exploit or PoC is currently available.
There are currently 0 affected product entries.