Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-4624 | First vendor Publication | 2006-09-07 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.6 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4624 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-15 | Command Delimiters |
CAPEC-34 | HTTP Response Splitting |
CAPEC-81 | Web Logs Tampering |
CAPEC-93 | Log Injection-Tampering-Forging |
CAPEC-106 | Cross Site Scripting through Log Files |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9756 | |||
Oval ID: | oval:org.mitre.oval:def:9756 | ||
Title: | CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI. | ||
Description: | CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4624 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-04 | Name : FreeBSD Ports: mailman, ja-mailman, mailman-with-htdig File : nvt/freebsd_mailman7.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1188-1 (mailman) File : nvt/deb_1188_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
28436 | Mailman Utils.py Spoofed Log Entry Injection |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-06-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0779.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20071115_mailman_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0779.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-165.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1188.nasl - Type : ACT_GATHER_INFO |
2006-09-05 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_fffa92573c1711db86ab00123ffe8333.nasl - Type : ACT_GATHER_INFO |
2006-09-05 | Name : The remote web server contains a Python application that is affected by a log... File : mailman_log_spoof.nasl - Type : ACT_ATTACK |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-11-28 23:19:36 |
|
2024-11-28 12:09:57 |
|
2021-05-05 01:02:46 |
|
2021-05-04 12:04:32 |
|
2021-04-22 01:05:12 |
|
2020-05-24 01:02:45 |
|
2020-05-23 00:18:21 |
|
2018-10-18 00:19:41 |
|
2018-02-22 12:01:55 |
|
2017-10-11 09:23:45 |
|
2017-07-20 09:23:52 |
|
2016-04-26 15:03:14 |
|
2014-02-17 10:37:13 |
|
2013-05-11 11:08:58 |
|