CVE-2006-2920

Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/20476	Patch Vendor Advisory
http://secunia.com/advisories/20577	Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528	Patch
http://sylpheed.good-day.net/en/news.html%5C
http://www.vupen.com/english/advisories/2006/2173	Vendor Advisory
http://www.vupen.com/english/advisories/2006/2283	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27089

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sylpheed:sylpheed::::::::
	cpe:2.3:a:sylpheed:sylpheed:2.0:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.0.1:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.0.2:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.0.3:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.1:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.1.1:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.1.2:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.1.3:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.1.4:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.1.5:::::::*
	cpe:2.3:a:sylpheed-claws:sylpheed-claws::::::::
	cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.4:::::::*
	cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.5:::::::*
	cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.6:::::::*
	cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.0.2:::::::*

History

07 Nov 2023, 01:58

Type	Values Removed	Values Added
References	~~{'url': 'http://sylpheed.good-day.net/en/news.html\\', 'name': 'http://sylpheed.good-day.net/en/news.html\\', 'tags': ['Broken Link'], 'refsource': 'CONFIRM'}~~	() http://sylpheed.good-day.net/en/news.html%5C -

Information

Published : 2006-06-09 01:02

Updated : 2023-12-10 10:28

NVD link : CVE-2006-2920

Mitre link : CVE-2006-2920

CVE.ORG link : CVE-2006-2920

JSON object : View

Products Affected

sylpheed-claws

sylpheed-claws

sylpheed

sylpheed

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2006-2920", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-06-09T01:02:00.000", "references": [{"url": "http://secunia.com/advisories/20476", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20577", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://sylpheed.good-day.net/en/news.html%5C", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2173", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2283", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27089", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character."}], "lastModified": "2023-11-07T01:58:54.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sylpheed:sylpheed:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D20D59-FF31-4B4C-8BAA-4A1DAD1E0704", "versionEndIncluding": "2.2.5"}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71D0F0F9-09D2-4789-9BAB-411A91C88631"}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0931C414-F6FE-4727-8672-AA2D3861E29E"}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7898451-CE65-4D65-B466-59C6BD64FDD6"}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB1FF24D-03E5-4058-857C-3F13204CE5EC"}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46696D01-FB72-4073-9C9F-254A18882454"}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A1238E1-EC16-4990-998E-FC326C354F89"}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39E2AF3A-C7A7-46ED-8713-D35227E52065"}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1AC9051-FD50-4A3B-B101-7D2370B01E73"}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFA29C52-E039-4829-AA4A-782A73BFC249"}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E785E2D1-432D-4D6A-AFB8-953C114DC6C7"}, {"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26E2C5DE-E793-47EF-ABAE-4C53A9396C81", "versionEndIncluding": "2.2.1"}, {"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EF47A61-63FA-4695-A6B8-E6252205026E"}, {"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "941EDB98-28E5-4263-B429-5FD6DAA4A95D"}, {"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4F7290C-E2BE-4A98-A5C1-40A29C76D0C8"}, {"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB139F9D-F308-40B2-9ECA-435216309D3D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nSylpheed-Claws, Sylpheed-Claws, 2.2.2"}