CVE-2006-3778

IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386	Exploit
http://securitytracker.com/id?1016516
http://secunia.com/advisories/21096	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602
http://securitytracker.com/id?1016819

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:lotus_notes:6.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5:::::::*
	cpe:2.3:a:ibm:lotus_notes:7.0:::::::*

Information

Published : 2006-07-24 05:19

Updated : 2008-09-05 14:08

NVD link : CVE-2006-3778

Mitre link : CVE-2006-3778

JSON object : View

CWE

NVD-CWE-Other

Products Affected

ibm

lotus_notes

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386", "name": "http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386", "tags": ["Exploit"], "refsource": "CONFIRM"}, {"url": "http://securitytracker.com/id?1016516", "name": "1016516", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/21096", "name": "21096", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602", "name": "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602", "tags": [], "refsource": "CONFIRM"}, {"url": "http://securitytracker.com/id?1016819", "name": "1016819", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) \"Save As Draft\" option is used or (2) a \",\" (comma) is inside the \"phrase\" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3778", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-07-24T12:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T21:08Z"}

5.0 /10