ID CVE-2004-1177
Summary Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:mailman:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0:beta5:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0:beta5:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
oval via4
accepted 2013-04-29T04:11:35.986-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
family unix
id oval:org.mitre.oval:def:11113
status accepted
submitted 2010-07-09T03:56:16-04:00
title Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
version 29
redhat via4
advisories
rhsa
id RHSA-2005:235
rpms
  • mailman-3:2.1.5-25.rhel3
  • mailman-3:2.1.5-33.rhel4
  • mailman-debuginfo-3:2.1.5-25.rhel3
  • mailman-debuginfo-3:2.1.5-33.rhel4
refmap via4
bugtraq 20050110 [USN-59-1] mailman vulnerabilities
confirm http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555
debian DSA-674
mandrake MDKSA-2005:015
secunia 13603
suse SUSE-SA:2005:007
xf mailman-script-driver-xss(18854)
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement This issue did not affect the versions of mailman shipped with Red Hat Enterprise Linux 2.1, 3, or 4. In addition, we believe this issue does not apply to the 2.0.x versions of mailman due to setting of STEALTH_MODE
Last major update 11-10-2017 - 01:29
Published 10-01-2005 - 05:00
Last modified 11-10-2017 - 01:29
Back to Top