Home > Vulnerability Database > CVE-2006-4624

Mend.io Vulnerability Database

CVE-2006-4624

Date: September 7, 2006

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

Severity Score

3.7

Related Resources (24)

Url: http://www.securityfocus.com/bid/20021

Url: http://www.securityfocus.com/bid/19831

Url: http://www.debian.org/security/2006/dsa-1188

Url: http://secunia.com/advisories/22639

Url: http://security.gentoo.org/glsa/glsa-200609-12.xml

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/28734

Url: http://www.novell.com/linux/security/advisories/2006_25_sr.html

Url: http://secunia.com/advisories/22227

Url: http://secunia.com/advisories/21732

Url: http://secunia.com/advisories/27669

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-4624

Url: http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-4624

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:165

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756

Url: http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html

Url: http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295

Url: http://secunia.com/advisories/22020

Url: http://www.securityfocus.com/archive/1/445992/100/0/threaded

Url: http://secunia.com/advisories/22011

Url: http://www.vupen.com/english/advisories/2006/3446

Url: http://www.redhat.com/support/errata/RHSA-2007-0779.html

Url: http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923

Url: https://www.mend.io/vulnerability-database/CVE-2006-4624

Severity Score

3.7

Weakness Type (CWE)

Code Injection

CWE-94

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-4624

Date: September 7, 2006

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?