Detections
Analytics

CVE-2006-4624

critical

Description

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756

https://exchange.xforce.ibmcloud.com/vulnerabilities/28734

http://www.vupen.com/english/advisories/2006/3446

http://www.securityfocus.com/bid/20021

http://www.securityfocus.com/bid/19831

http://www.securityfocus.com/archive/1/445992/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2007-0779.html

http://www.novell.com/linux/security/advisories/2006_25_sr.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:165

http://www.debian.org/security/2006/dsa-1188

http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923

http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295

http://security.gentoo.org/glsa/glsa-200609-12.xml

http://secunia.com/advisories/27669

http://secunia.com/advisories/22639

http://secunia.com/advisories/22227

http://secunia.com/advisories/22020

http://secunia.com/advisories/22011

http://secunia.com/advisories/21732

http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt

http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html

Details

Source: Mitre, NVD

Published: 2006-09-07

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical