Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-4624

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

Published

2006-09-07T19:04:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.6 (LOW)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

4.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	mailman	≤ 2.1.8	Yes

References

http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html ([email protected])
http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt ([email protected])
http://secunia.com/advisories/21732 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/22011 Vendor Advisory ([email protected])
http://secunia.com/advisories/22020 Vendor Advisory ([email protected])
http://secunia.com/advisories/22227 Vendor Advisory ([email protected])
http://secunia.com/advisories/22639 Vendor Advisory ([email protected])
http://secunia.com/advisories/27669 Vendor Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200609-12.xml ([email protected])
http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295 Patch ([email protected])
http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923 ([email protected])
http://www.debian.org/security/2006/dsa-1188 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:165 ([email protected])
http://www.novell.com/linux/security/advisories/2006_25_sr.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0779.html ([email protected])
http://www.securityfocus.com/archive/1/445992/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/19831 ([email protected])
http://www.securityfocus.com/bid/20021 ([email protected])
http://www.vupen.com/english/advisories/2006/3446 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/28734 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756 ([email protected])
http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html (af854a3a-2127-422b-91ae-364da2661108)
http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21732 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22011 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22020 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22227 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22639 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27669 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200609-12.xml (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1188 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:165 (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2006_25_sr.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0779.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/445992/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/19831 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/20021 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/3446 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28734 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756 (af854a3a-2127-422b-91ae-364da2661108)