CVE - CVE-2006-4624

CVE-ID
CVE-2006-4624	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:19831 URL:http://www.securityfocus.com/bid/19831 BID:20021 URL:http://www.securityfocus.com/bid/20021 BUGTRAQ:20060913 Mailman 2.1.8 Multiple Security Issues URL:http://www.securityfocus.com/archive/1/445992/100/0/threaded CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295 DEBIAN:DSA-1188 URL:http://www.debian.org/security/2006/dsa-1188 GENTOO:GLSA-200609-12 URL:http://security.gentoo.org/glsa/glsa-200609-12.xml MANDRIVA:MDKSA-2006:165 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:165~~ (Obsolete source) MISC:http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt MISC:http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923 MLIST:[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9 URL:http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html OVAL:oval:org.mitre.oval:def:9756 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756 REDHAT:RHSA-2007:0779 URL:http://www.redhat.com/support/errata/RHSA-2007-0779.html SECUNIA:21732 URL:http://secunia.com/advisories/21732 SECUNIA:22011 URL:http://secunia.com/advisories/22011 SECUNIA:22020 URL:http://secunia.com/advisories/22020 SECUNIA:22227 URL:http://secunia.com/advisories/22227 SECUNIA:22639 URL:http://secunia.com/advisories/22639 SECUNIA:27669 URL:http://secunia.com/advisories/27669 SUSE:SUSE-SR:2006:025 URL:http://www.novell.com/linux/security/advisories/2006_25_sr.html VUPEN:ADV-2006-3446 URL:~~http://www.vupen.com/english/advisories/2006/3446~~ (Obsolete source) XF:mailman-admin-spoofing(28734) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/28734
Assigning CNA
MITRE Corporation
Date Record Created
20060907	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060907)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)