CVE-2006-3778

Sažetak

IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.

Reference

http://secunia.com/advisories/21096
http://securitytracker.com/id?1016516
http://securitytracker.com/id?1016819
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

05-09-2008 - 21:08

Objavljeno

24-07-2006 - 12:19