CVE-2010-3913

Published: Nov 5, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected (1)

Products: Transware: Active! Mail

Transware

1 product

Active! Mail

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Transware Active! Mail	Up to 6.40.010047750

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (10)

http://jvn.jp/en/jp/JVN72541530/index.html

Source: vultures@jpcert.or.jp

http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000050.html

Source: vultures@jpcert.or.jp

http://secunia.com/advisories/42039

Source: vultures@jpcert.or.jp

Vendor Advisory

http://www.osvdb.org/68943

Source: vultures@jpcert.or.jp

http://www.transware.co.jp/security/am0610001.html

Source: vultures@jpcert.or.jp

http://jvn.jp/en/jp/JVN72541530/index.html