Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2006-1225
Last Modified 05 Sep 2008 05:01:20
Published 14 Mar 2006 02:06:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1225

Summary

CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.6.6 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.

Vulnerable Systems

Application

  • Drupal 4.5.0

  • Drupal 4.5.1

  • Drupal 4.5.2

  • Drupal 4.5.3

  • Drupal 4.6.0

  • Drupal 4.6.1


References

BUGTRAQ - 20060314 [DRUPAL-SA-2006-004] Drupal 4.6.6 / 4.5.8 fixes mail header injection issue

SECUNIA - 19245

CONFIRM - http://drupal.org/node/53806

XF - drupal-header-data-manipulation(25206)

BID - 17104

OSVDB - 23912

DEBIAN - DSA-1007

SREASON - 579

SECUNIA - 19257


Last Updated: 27 May 2016 10:41:58