CVE-2006-4624 — Code Injection in Mailman

CWE-94 — Code Injection9 documents5 sources

Severity

2.6LOWNVD

EPSS

2.7%

top 14.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Mailman

Timeline

PublishedSep 7

Latest updateMay 1

Description

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDgnu/mailman2.1.8

Patches

Patch: secunia.com ↗Patch: sourceforge.net ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-pr3g-gx73-r4cm: CRLF injection vulnerability in Utils↗2022-05-01

▶

CVEList

CVE-2006-4624: CRLF injection vulnerability in Utils↗2006-09-07

▶

📋Vendor Advisories

Red Hat

mailman logfile CRLF injection↗2006-06-23

▶

💬Community

Bugzilla

CVE-2006-4624 mailman 2.1.9 needed (CVE-2006-3636 CVE-2006-2941)↗2006-10-20

▶

Bugzilla

CVE-2006-4624 mailman 2.1.9 needed (CVE-2006-3636 CVE-2006-2941)↗2006-10-07

▶

Bugzilla

CVE-2006-4624 mailman 2.1.9 needed (CVE-2006-3636 CVE-2006-2941)↗2006-09-15

▶

Bugzilla

CVE-2006-4624 mailman logfile CRLF injection↗2006-09-07

▶

Bugzilla

CVE-2006-4624 mailman logfile CRLF injection↗2006-09-07

▶