CRLF Injection in Mailman Affects Multiple Versions from Python Software Foundation
CVE-2006-4624

Currently unrated

Key Information:

Vendor: Gnu
Status: Mailman
Vendor: CVE Published:; 7 September 2006

What is CVE-2006-4624?

A CRLF injection vulnerability in Mailman's Utils.py file allows remote attackers to exploit CRLF sequences in URIs. By doing so, they can spoof error log messages, which may trick administrators into visiting malicious URLs. This security flaw requires urgent attention to prevent unauthorized access and maintain the integrity of the Mailman messaging system.

References

http://www.vupen.com/english/advisories/2006/3446

vdb-entryx_refsource_VUPEN

http://www.debian.org/security/2006/dsa-1188

vendor-advisoryx_refsource_DEBIAN

http://mail.python.org/pipermail/mailman-announce/2006-Se...

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 7, 2006
Vulnerability Reserved
Sep 7, 2006

Gnu

What is CVE-2006-4624?

References

Timeline