CVE-2006-3778
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/07/2006
Last modified:
03/04/2025
Description
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/21096
- http://securitytracker.com/id?1016516=
- http://securitytracker.com/id?1016819=
- http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602
- http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386
- http://secunia.com/advisories/21096
- http://securitytracker.com/id?1016516=
- http://securitytracker.com/id?1016819=
- http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602
- http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386