Vulnerabilities > CVE-2006-3778 - Unspecified vulnerability in IBM Lotus Notes 6.0/6.5/7.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

NVD

Published: 2006-07-24

Updated: 2008-09-05

Summary

IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Lotus Notes 6.0 IBM Lotus Notes 6.5 IBM Lotus Notes 7.0	3

References

http://secunia.com/advisories/21096
http://securitytracker.com/id?1016516
http://securitytracker.com/id?1016819
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386