Lucene search

K

MitreCVELIST:CVE-2020-12137

HistoryApr 24, 2020 - 12:37 p.m.

CVE-2020-12137

2020-04-2412:37:58

mitre

www.cve.org

6.4 Medium

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.7%

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

References

bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS

lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html

lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html

www.openwall.com/lists/oss-security/2020/04/24/3

lists.debian.org/debian-lts-announce/2020/05/msg00002.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4COSBBEMJYLV7WSW5QTUJUOFJFK47KK/

usn.ubuntu.com/4348-1/

www.debian.org/security/2020/dsa-4664

www.openwall.com/lists/oss-security/2020/02/24/2

www.openwall.com/lists/oss-security/2020/02/24/3

6.4 Medium

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.7%

Related for CVELIST:CVE-2020-12137

openvas14 nessus17 fedora2 redhatcve1 prion1 debian2 cve1 oraclelinux1 almalinux1 ubuntucve1 debiancve1 veracode1 osv3 nvd1 redhat1 suse2 mageia1 ubuntu2 rosalinux1