{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-04T00:00:00", "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-3446", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3446"}, {"name": "DSA-1188", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1188"}, {"name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"}, {"name": "19831", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19831"}, {"name": "mailman-admin-spoofing(28734)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734"}, {"name": "22639", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22639"}, {"name": "20021", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20021"}, {"name": "RHSA-2007:0779", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html"}, {"name": "GLSA-200609-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"}, {"name": "20060913 Mailman 2.1.8 Multiple Security Issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923"}, {"name": "27669", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27669"}, {"name": "22227", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22227"}, {"name": "SUSE-SR:2006:025", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"}, {"name": "MDKSA-2006:165", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295"}, {"name": "21732", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21732"}, {"tags": ["x_refsource_MISC"], "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"}, {"name": "22011", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22011"}, {"name": "oval:org.mitre.oval:def:9756", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756"}, {"name": "22020", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22020"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4624", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-3446", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3446"}, {"name": "DSA-1188", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1188"}, {"name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "refsource": "MLIST", "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"}, {"name": "19831", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19831"}, {"name": "mailman-admin-spoofing(28734)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734"}, {"name": "22639", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22639"}, {"name": "20021", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20021"}, {"name": "RHSA-2007:0779", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html"}, {"name": "GLSA-200609-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"}, {"name": "20060913 Mailman 2.1.8 Multiple Security Issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"}, {"name": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923", "refsource": "MISC", "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923"}, {"name": "27669", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27669"}, {"name": "22227", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22227"}, {"name": "SUSE-SR:2006:025", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"}, {"name": "MDKSA-2006:165", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"}, {"name": "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295"}, {"name": "21732", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21732"}, {"name": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt", "refsource": "MISC", "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"}, {"name": "22011", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22011"}, {"name": "oval:org.mitre.oval:def:9756", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756"}, {"name": "22020", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22020"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:14:47.768Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-3446", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3446"}, {"name": "DSA-1188", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1188"}, {"name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"}, {"name": "19831", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19831"}, {"name": "mailman-admin-spoofing(28734)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734"}, {"name": "22639", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22639"}, {"name": "20021", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20021"}, {"name": "RHSA-2007:0779", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html"}, {"name": "GLSA-200609-12", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"}, {"name": "20060913 Mailman 2.1.8 Multiple Security Issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923"}, {"name": "27669", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27669"}, {"name": "22227", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22227"}, {"name": "SUSE-SR:2006:025", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"}, {"name": "MDKSA-2006:165", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295"}, {"name": "21732", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21732"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"}, {"name": "22011", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22011"}, {"name": "oval:org.mitre.oval:def:9756", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756"}, {"name": "22020", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22020"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4624", "datePublished": "2006-09-07T19:00:00", "dateReserved": "2006-09-07T00:00:00", "dateUpdated": "2024-08-07T19:14:47.768Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "42856677-9290-4B21-AE1F-0F217B0D80AC", "versionEndIncluding": "2.1.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en Utils.py de Mailman anterior a 2.1.9rc1 permite a atacantes remotos suplantar mensajes en el log de errores y posiblemente enga\u00f1ar al administrador para que visite URLs maliciosas mediante secuencias CLRF en la URI."}], "id": "CVE-2006-4624", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-09-07T19:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"}, {"source": "cve@mitre.org", "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21732"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22011"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22020"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22227"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22639"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27669"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295"}, {"source": "cve@mitre.org", "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1188"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19831"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20021"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3446"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21732"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22011"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22020"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22639"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1188"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19831"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20021"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3446"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205651\n\nThe Red Hat Security Response Team has rated this issue as having low security impact and expects to release a future update to address this flaw.  More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode.\n\nThis bug will be addressed in a future update of Red Hat Enterprise Linux 4.", "lastModified": "2007-09-05T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:0779", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "mailman-3:2.1.5.1-34.rhel4.6", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-11-15T00:00:00Z"}], "bugzilla": {"description": "mailman logfile CRLF injection", "id": "205651", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=205651"}, "csaw": false, "details": ["CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI."], "name": "CVE-2006-4624", "public_date": "2006-06-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-4624\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-4624"], "statement": "The Red Hat Product Security has rated this issue as having low security impact and expects to release a future update to address this flaw. More information regarding issue severity can be found here:\nhttps://access.redhat.com/security/updates/classification/\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode.\nThis bug will be addressed in a future update of Red Hat Enterprise Linux 4.", "threat_severity": "Low"}