CVE-2006-2920 - Vulnerability Details - OpenCVE

Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sylpheed	Sylpheed
Sylpheed-claws	Sylpheed-claws

Configuration 1 [-]

OR	cpe:2.3:a:sylpheed:sylpheed::::::::
	cpe:2.3:a:sylpheed:sylpheed:2.0:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.0.1:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.0.2:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.0.3:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.1:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.1.1:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.1.2:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.1.3:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.1.4:::::::*
	cpe:2.3:a:sylpheed:sylpheed:2.1.5:::::::*
	cpe:2.3:a:sylpheed-claws:sylpheed-claws::::::::
	cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.4:::::::*
	cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.5:::::::*
	cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.6:::::::*
	cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.0.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/20476
http://secunia.com/advisories/20577
http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528
http://sylpheed.good-day.net/en/news.html%5C
http://www.vupen.com/english/advisories/2006/2173
http://www.vupen.com/english/advisories/2006/2283
https://exchange.xforce.ibmcloud.com/vulnerabilities/27089

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-09T01:00:00

Updated: 2024-08-07T18:06:27.208Z

Reserved: 2006-06-08T00:00:00

Link: CVE-2006-2920

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-06-09T01:02:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-2920

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-07T00:00:00", "descriptions": [{"lang": "en", "value": "Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-2283", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2283"}, {"name": "20577", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20577"}, {"name": "sylpheed-claws-utils-textview-security-bypass(27089)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27089"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528"}, {"name": "ADV-2006-2173", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2173"}, {"name": "20476", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20476"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sylpheed.good-day.net/en/news.html%5C"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2920", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-2283", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2283"}, {"name": "20577", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20577"}, {"name": "sylpheed-claws-utils-textview-security-bypass(27089)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27089"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528"}, {"name": "ADV-2006-2173", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2173"}, {"name": "20476", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20476"}, {"name": "http://sylpheed.good-day.net/en/news.html\\", "refsource": "CONFIRM", "url": "http://sylpheed.good-day.net/en/news.html\\"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:06:27.208Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-2283", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2283"}, {"name": "20577", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20577"}, {"name": "sylpheed-claws-utils-textview-security-bypass(27089)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27089"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528"}, {"name": "ADV-2006-2173", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2173"}, {"name": "20476", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20476"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sylpheed.good-day.net/en/news.html%5C"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2920", "datePublished": "2006-06-09T01:00:00", "dateReserved": "2006-06-08T00:00:00", "dateUpdated": "2024-08-07T18:06:27.208Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sylpheed:sylpheed:*:*:*:*:*:*:*:*", "matchCriteriaId": "36D20D59-FF31-4B4C-8BAA-4A1DAD1E0704", "versionEndIncluding": "2.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "71D0F0F9-09D2-4789-9BAB-411A91C88631", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0931C414-F6FE-4727-8672-AA2D3861E29E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7898451-CE65-4D65-B466-59C6BD64FDD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB1FF24D-03E5-4058-857C-3F13204CE5EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "46696D01-FB72-4073-9C9F-254A18882454", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6A1238E1-EC16-4990-998E-FC326C354F89", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "39E2AF3A-C7A7-46ED-8713-D35227E52065", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1AC9051-FD50-4A3B-B101-7D2370B01E73", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "DFA29C52-E039-4829-AA4A-782A73BFC249", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E785E2D1-432D-4D6A-AFB8-953C114DC6C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:*:*:*:*:*:*:*:*", "matchCriteriaId": "26E2C5DE-E793-47EF-ABAE-4C53A9396C81", "versionEndIncluding": "2.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "2EF47A61-63FA-4695-A6B8-E6252205026E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "941EDB98-28E5-4263-B429-5FD6DAA4A95D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "C4F7290C-E2BE-4A98-A5C1-40A29C76D0C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB139F9D-F308-40B2-9ECA-435216309D3D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character."}], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nSylpheed-Claws, Sylpheed-Claws, 2.2.2", "id": "CVE-2006-2920", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-06-09T01:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20476"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20577"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528"}, {"source": "cve@mitre.org", "url": "http://sylpheed.good-day.net/en/news.html%5C"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2173"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2283"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20476"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20577"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sylpheed.good-day.net/en/news.html%5C"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2173"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27089"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}