Vulnerability Description
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Lotus Notes | 6.0 |
References
- http://secunia.com/advisories/21096Vendor Advisory
- http://securitytracker.com/id?1016516
- http://securitytracker.com/id?1016819
- http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602
- http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386Exploit
- http://secunia.com/advisories/21096Vendor Advisory
- http://securitytracker.com/id?1016516
- http://securitytracker.com/id?1016819
- http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602
- http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386Exploit
FAQ
What is CVE-2006-3778?
CVE-2006-3778 is a vulnerability with a CVSS score of 5.0 (MEDIUM). IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" ...
How severe is CVE-2006-3778?
CVE-2006-3778 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3778?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Notes.