Unrated severityNVD Advisory· Published Sep 7, 2006· Updated Apr 16, 2026

CVE-2006-4624

Description

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

Affected products

GNU/Mailman
cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*
Range: <=2.1.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/21732nvdPatchVendor Advisory
sourceforge.net/project/shownotes.phpnvdPatch
secunia.com/advisories/22011nvdVendor Advisory
secunia.com/advisories/22020nvdVendor Advisory
secunia.com/advisories/22227nvdVendor Advisory
secunia.com/advisories/22639nvdVendor Advisory
secunia.com/advisories/27669nvdVendor Advisory
mail.python.org/pipermail/mailman-announce/2006-September/000087.htmlnvd
moritz-naumann.com/adv/0013/mailmanmulti/0013.txtnvd
security.gentoo.org/glsa/glsa-200609-12.xmlnvd
svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.pynvd
www.debian.org/security/2006/dsa-1188nvd
www.mandriva.com/security/advisoriesnvd
www.novell.com/linux/security/advisories/2006_25_sr.htmlnvd
www.redhat.com/support/errata/RHSA-2007-0779.htmlnvd
www.securityfocus.com/archive/1/445992/100/0/threadednvd
www.securityfocus.com/bid/19831nvd
www.securityfocus.com/bid/20021nvd
www.vupen.com/english/advisories/2006/3446nvd
exchange.xforce.ibmcloud.com/vulnerabilities/28734nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000