Lucene search

PRIOn knowledge basePRION:CVE-2006-1225

HistoryMar 14, 2006 - 7:06 p.m.

Crlf injection

2006-03-1419:06:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.026 Low

EPSS

Percentile

90.0%

JSON

CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.

CPENameOperatorVersion
drupaleq4.6.0
drupaleq4.5.0
drupaleq4.5.2
drupaleq4.5.1
drupaleq4.6.1
drupaleq4.5.3

Name	Operator	Version
drupal	eq	4.6.0
drupal	eq	4.5.0
drupal	eq	4.5.2
drupal	eq	4.5.1
drupal	eq	4.6.1
drupal	eq	4.5.3

References

secunia.com/advisories/19245

secunia.com/advisories/19257

securityreason.com/securityalert/579

www.debian.org/security/2006/dsa-1007

www.osvdb.org/23912

www.securityfocus.com/archive/1/427591/100/0/threaded

www.securityfocus.com/bid/17104

drupal.org/node/53806

exchange.xforce.ibmcloud.com/vulnerabilities/25206

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.026 Low

EPSS

Percentile

90.0%

JSON

Related for PRION:CVE-2006-1225