Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2015-9097
Vulnerability from gsd - Updated: 2015-12-09 00:00Details
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
Aliases
{
"GSD": {
"alias": "CVE-2015-9097",
"description": "The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.",
"id": "GSD-2015-9097",
"references": [
"https://www.suse.com/security/cve/CVE-2015-9097.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "mail",
"purl": "pkg:gem/mail"
}
}
],
"aliases": [
"CVE-2015-9097",
"OSVDB-131677",
"GHSA-q86f-fmqf-qrf6"
],
"details": "The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.",
"id": "GSD-2015-9097",
"modified": "2015-12-09T00:00:00.000Z",
"published": "2015-12-09T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://hackerone.com/reports/137631"
},
{
"type": "WEB",
"url": "http://www.mbsd.jp/Whitepaper/smtpi.pdf"
},
{
"type": "WEB",
"url": "https://github.com/mikel/mail/pull/1097"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 6.1,
"type": "CVSS_V3"
}
],
"summary": "CVE-2015-9097 rubygem-mail: SMTP injection via recipient email addresses"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mikel/mail/pull/1097",
"refsource": "MISC",
"url": "https://github.com/mikel/mail/pull/1097"
},
{
"name": "https://hackerone.com/reports/137631",
"refsource": "MISC",
"url": "https://hackerone.com/reports/137631"
},
{
"name": "https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83",
"refsource": "MISC",
"url": "https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83"
},
{
"name": "http://openwall.com/lists/oss-security/2015/12/11/3",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2015/12/11/3"
},
{
"name": "https://rubysec.com/advisories/mail-OSVDB-131677",
"refsource": "MISC",
"url": "https://rubysec.com/advisories/mail-OSVDB-131677"
},
{
"name": "https://github.com/rubysec/ruby-advisory-db/issues/215",
"refsource": "MISC",
"url": "https://github.com/rubysec/ruby-advisory-db/issues/215"
},
{
"name": "http://www.mbsd.jp/Whitepaper/smtpi.pdf",
"refsource": "MISC",
"url": "http://www.mbsd.jp/Whitepaper/smtpi.pdf"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2015-9097",
"cvss_v3": 6.1,
"date": "2015-12-09",
"description": "The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.",
"gem": "mail",
"ghsa": "q86f-fmqf-qrf6",
"osvdb": 131677,
"patched_versions": [
"\u003e= 2.5.5"
],
"related": {
"url": [
"http://www.mbsd.jp/Whitepaper/smtpi.pdf",
"https://github.com/mikel/mail/pull/1097"
]
},
"title": "CVE-2015-9097 rubygem-mail: SMTP injection via recipient email addresses",
"url": "https://hackerone.com/reports/137631"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2.5.5.rc1||\u003e=2.6.0.alpha0 \u003c2.6.6.rc1||\u003e=2.7.0.alpha0 \u003c2.7.0.rc1",
"affected_versions": "All versions before 2.5.5.rc1, all versions starting from 2.6.0.alpha0 before 2.6.6.rc1, all versions starting from 2.7.0.alpha0 before 2.7.0.rc1",
"credit": "Takeshi Terada / Mitsui Bussan Secure Directions, Inc.",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-93",
"CWE-937"
],
"date": "2017-07-05",
"description": "The mail package does not disallow CRLF in email addresses; an attacker can inject SMTP commands in specially crafted email addresses passed to `RCPT TO` and `MAIL FROM`.",
"fixed_versions": [
"2.5.5.rc1",
"2.6.6.rc1",
"2.7.0.rc1"
],
"identifier": "CVE-2015-9097",
"identifiers": [
"CVE-2015-9097"
],
"not_impacted": "All versions starting from 2.5.5.rc1 before 2.6.0.alpha0, all versions starting from 2.6.6.rc1 before 2.7.0.alpha0, all versions starting from 2.7.0.rc1",
"package_slug": "gem/mail",
"pubdate": "2017-06-12",
"solution": "Upgrade to versions 2.5.5.rc1, 2.6.6.rc1, 2.7.0.rc1 or above.",
"title": "SMTP Injection via to/from addresses",
"urls": [
"http://www.mbsd.jp/Whitepaper/smtpi.pdf",
"https://github.com/mikel/mail/pull/1097",
"https://hackerone.com/reports/137631"
],
"uuid": "e85c00b3-3230-4315-bd39-669b9fb8827f"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mail_project:mail:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9097"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-93"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rubysec.com/advisories/mail-OSVDB-131677",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://rubysec.com/advisories/mail-OSVDB-131677"
},
{
"name": "https://hackerone.com/reports/137631",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/137631"
},
{
"name": "https://github.com/rubysec/ruby-advisory-db/issues/215",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/rubysec/ruby-advisory-db/issues/215"
},
{
"name": "https://github.com/mikel/mail/pull/1097",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mikel/mail/pull/1097"
},
{
"name": "https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83"
},
{
"name": "http://www.mbsd.jp/Whitepaper/smtpi.pdf",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mbsd.jp/Whitepaper/smtpi.pdf"
},
{
"name": "http://openwall.com/lists/oss-security/2015/12/11/3",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2015/12/11/3"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2017-07-05T16:43Z",
"publishedDate": "2017-06-12T20:29Z"
}
}
}