1. Homepage
  2. RvR
  3. Application
  4. Attack Vectors

General Information

Email Header Injection

Variants:
Direct Persistent Session 

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Input Validation, Syntax Escaping

Invented In:
15/02/2006

Added In:
08/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Malicious inputs can affect the structure of email messages generated in the server - limited to affecting the email headers due to bounds or other restrictions


Direct Variant:

Email Header Injection

Variant Title:
Email Header Injection

Typical Severity:
Medium

Resources:

Wiki

Other I

Other II

Other III

White Papers:

Paper I

Learn More:


Persistent Variant:

Stored Email Header Injection

Also Known As:
Persistent Email Header Injection

Typical Severity:
Medium

Resources:

White Papers:

Learn More:


Session Variant:

Email Header Injection via Session Puzzling

Also Known As:
Session Email Header Injection

Typical Severity:
Medium

Resources:

White Papers:

Learn More:




TECAPI ©

Join