CVE-2006-0052

9 documents6 sources

Severity

5.0MEDIUM

EPSS

6.4%

top 8.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Mailman

Timeline

PublishedMar 31

Latest updateMay 3

Description

The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDgnu/mailman24 versions+23

Patches

Patch: bugs.debian.org ↗Patch: www.securityfocus.com ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-f27j-9fv2-5hrg: The attachment scrubber (Scrubber↗2022-05-03

▶

CVEList

CVE-2006-0052: The attachment scrubber (Scrubber↗2006-03-31

▶

📋Vendor Advisories

Ubuntu

mailman vulnerability↗2006-04-04

▶

Red Hat

security flaw↗2005-06-06

▶

💬Community

Bugzilla

CVE-2006-0052 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-0052 Mailman DoS, CVE-2006-1712 Mailman cross site scripting bug and CVE-2005-3573 Mailman Denial of Service (CVE-2005-4153); also CAN-2004-1177 Cross-site scripting (XSS) vulnerability↗2006-06-02

▶

Bugzilla

CVE-2006-0052 Mailman DoS↗2006-03-30

▶

Bugzilla

CVE-2006-0052 Mailman DoS↗2006-03-30

▶