CERTA-2006-AVI-426
Vulnerability from certfr_avis
Multiple vulnerabilities in Mailman allow a remote user to inject code into one or more pages of the vulnerable site and to modify the event logs.
Description
Two vulnerabilities are present in Mailman:
- The first vulnerability is an indirect code injection (cross-site scripting). A malicious person can exploit it to inject code into one or more pages of the vulnerable site.
- The second vulnerability concerns the Utils.py function. It allows a remote user to inject arbitrary messages into the event logs.
Solution
Mailman version 2.1.9 fixes the vulnerabilities. Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Mailman version 2.1.9rc1 and earlier.
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eMailman version 2.1.9rc1 et ant\u00e9rieures.\u003c/p\u003e",
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Mailman :\n\n- La premi\u00e8re vuln\u00e9rabilit\u00e9 est de type Injection de code indirecte\n (Cross Site Scripting). Elle peut \u00eatre exploit\u00e9e par une personne\n mal intentionn\u00e9e afin d\u0027injecter du code dans une ou plusieurs pages\n du site vuln\u00e9rable.\n- La seconde vuln\u00e9rabilit\u00e9 concerne la fonction Utils.py. Elle permet\n \u00e0 un utilisateur distant d\u0027injecter des messages arbitraires dans\n les journaux d\u0027\u00e9v\u00e9nements.\n\n## Solution\n\nLa version 2.1.9 de Mailman corrige les vuln\u00e9rabilit\u00e9s. Se r\u00e9f\u00e9rer au\nbulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf.\nsection Documentation).\n",
"cves": [
{
"name": "CVE-2006-3636",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3636"
},
{
"name": "CVE-2006-4624",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4624"
}
],
"initial_release_date": "2006-10-05T00:00:00",
"last_revision_date": "2006-10-05T00:00:00",
"links": [
{
"title": "Annonce Mailman du 12 septembre 2006 :",
"url": "http://mail.python.org/pipermail/mailman-announce/2006-september/000087.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1188 du 04 octobre 2006 :",
"url": "http://www.debian.org/security/2006/dsa-1188"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2006:0600 du 06 septembre 2006 :",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:165 du 18 septembre 2006 :",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:165"
}
],
"reference": "CERTA-2006-AVI-426",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-10-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s dans Mailman permettent \u00e0 un utilisateur\ndistant d\u0027injecter du code dans une ou plusieurs pages du site\nvuln\u00e9rable ainsi que de modifier les journaux d\u0027\u00e9v\u00e9nements.\n",
"title": "Multiples Vuln\u00e9rabilit\u00e9s dans Mailman",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian du 04 octobre 2006",
"url": null
}
]
}
CVE-2006-3636 (GCVE-0-2006-3636)
Vulnerability from cvelistv5
Published
2006-09-06 00:00
Modified
2024-08-07 18:39
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3446",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3446"
},
{
"name": "DSA-1188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1188"
},
{
"name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
},
{
"name": "19831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19831"
},
{
"name": "22639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22639"
},
{
"name": "1016808",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016808"
},
{
"name": "21879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21879"
},
{
"name": "20021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20021"
},
{
"name": "oval:org.mitre.oval:def:10553",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553"
},
{
"name": "USN-345-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-345-1"
},
{
"name": "GLSA-200609-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"
},
{
"name": "20060913 Mailman 2.1.8 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"
},
{
"name": "22227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22227"
},
{
"name": "SUSE-SR:2006:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name": "MDKSA-2006:165",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"
},
{
"name": "21792",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21792"
},
{
"name": "RHSA-2006:0600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295"
},
{
"name": "21732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21732"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"
},
{
"name": "22011",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22011"
},
{
"name": "22020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22020"
},
{
"name": "mailman-unspecified-xss(28731)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28731"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2006-3446",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3446"
},
{
"name": "DSA-1188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1188"
},
{
"name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
},
{
"name": "19831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19831"
},
{
"name": "22639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22639"
},
{
"name": "1016808",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016808"
},
{
"name": "21879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21879"
},
{
"name": "20021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20021"
},
{
"name": "oval:org.mitre.oval:def:10553",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553"
},
{
"name": "USN-345-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-345-1"
},
{
"name": "GLSA-200609-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"
},
{
"name": "20060913 Mailman 2.1.8 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"
},
{
"name": "22227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22227"
},
{
"name": "SUSE-SR:2006:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name": "MDKSA-2006:165",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"
},
{
"name": "21792",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21792"
},
{
"name": "RHSA-2006:0600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295"
},
{
"name": "21732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21732"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"
},
{
"name": "22011",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22011"
},
{
"name": "22020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22020"
},
{
"name": "mailman-unspecified-xss(28731)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28731"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-3636",
"datePublished": "2006-09-06T00:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4624 (GCVE-0-2006-4624)
Vulnerability from cvelistv5
Published
2006-09-07 19:00
Modified
2024-08-07 19:14
CWE
- n/a
Summary
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3446",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3446"
},
{
"name": "DSA-1188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1188"
},
{
"name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
},
{
"name": "19831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19831"
},
{
"name": "mailman-admin-spoofing(28734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734"
},
{
"name": "22639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22639"
},
{
"name": "20021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20021"
},
{
"name": "RHSA-2007:0779",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html"
},
{
"name": "GLSA-200609-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"
},
{
"name": "20060913 Mailman 2.1.8 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923"
},
{
"name": "27669",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27669"
},
{
"name": "22227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22227"
},
{
"name": "SUSE-SR:2006:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name": "MDKSA-2006:165",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295"
},
{
"name": "21732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21732"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"
},
{
"name": "22011",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22011"
},
{
"name": "oval:org.mitre.oval:def:9756",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756"
},
{
"name": "22020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3446",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3446"
},
{
"name": "DSA-1188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1188"
},
{
"name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
},
{
"name": "19831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19831"
},
{
"name": "mailman-admin-spoofing(28734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734"
},
{
"name": "22639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22639"
},
{
"name": "20021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20021"
},
{
"name": "RHSA-2007:0779",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html"
},
{
"name": "GLSA-200609-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"
},
{
"name": "20060913 Mailman 2.1.8 Multiple Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923"
},
{
"name": "27669",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27669"
},
{
"name": "22227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22227"
},
{
"name": "SUSE-SR:2006:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name": "MDKSA-2006:165",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295"
},
{
"name": "21732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21732"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"
},
{
"name": "22011",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22011"
},
{
"name": "oval:org.mitre.oval:def:9756",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756"
},
{
"name": "22020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3446",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3446"
},
{
"name": "DSA-1188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1188"
},
{
"name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
"refsource": "MLIST",
"url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
},
{
"name": "19831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19831"
},
{
"name": "mailman-admin-spoofing(28734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734"
},
{
"name": "22639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22639"
},
{
"name": "20021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20021"
},
{
"name": "RHSA-2007:0779",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html"
},
{
"name": "GLSA-200609-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"
},
{
"name": "20060913 Mailman 2.1.8 Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"
},
{
"name": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923",
"refsource": "MISC",
"url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923"
},
{
"name": "27669",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27669"
},
{
"name": "22227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22227"
},
{
"name": "SUSE-SR:2006:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name": "MDKSA-2006:165",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295"
},
{
"name": "21732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21732"
},
{
"name": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"
},
{
"name": "22011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22011"
},
{
"name": "oval:org.mitre.oval:def:9756",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756"
},
{
"name": "22020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4624",
"datePublished": "2006-09-07T19:00:00",
"dateReserved": "2006-09-07T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}