CVE-2006-0630
Last modified
CVE-2006-0630 is a vulnerability of currently unknown severity. RITLabs The Bat! before 3.0.0.15 displays certain important headers from encapsulated data in message/partial MIME messages, instead of the real headers, which is in violation of RFC2046 header merging rules and allows remote attackers to spoof the origin of e-mail by sending a fragmented message, as demonstrated using spoofed Received: and Message-ID: headers.. EPSS estimates a 1.60% chance of exploitation in the next 30 days.
Description
RITLabs The Bat! before 3.0.0.15 displays certain important headers from encapsulated data in message/partial MIME messages, instead of the real headers, which is in violation of RFC2046 header merging rules and allows remote attackers to spoof the origin of e-mail by sending a fragmented message, as demonstrated using spoofed Received: and Message-ID: headers.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ritlabs | The Bat | 3.0 |
| Ritlabs | The Bat | 3.0.0.7 |
| Ritlabs | The Bat | 3.0.0.8 |
| Ritlabs | The Bat | 3.0.0.9 |
| Ritlabs | The Bat | 3.0.0.10 |
| Ritlabs | The Bat | 3.0.0.11 |
| Ritlabs | The Bat | 3.0.0.12 |
| Ritlabs | The Bat | 3.0.0.14 |
References
- http://www.security.nnov.ru/advisories/thebatspoof.aspExploit, Vendor Advisory
- http://www.security.nnov.ru/advisories/thebatspoof.aspExploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-0630?
How severe is CVE-2006-0630?
How do I fix CVE-2006-0630?
Are you affected by CVE-2006-0630?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST