CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score confidence: High
EPSS percentile: 91.0%

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

Vendor | Product | Version | CPE |
---|---|---|---|
canonical | ubuntu_linux | 12.04 | cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* |
canonical | ubuntu_linux | 14.04 | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
canonical | ubuntu_linux | 14.10 | cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* |
debian | debian_linux | 7.0 | cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
redhat | enterprise_linux | 7.0 | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
gnu | mailman | * | cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2015-April/154911.html
lists.fedoraproject.org/pipermail/package-announce/2015-April/156742.html
rhn.redhat.com/errata/RHSA-2015-1153.html
rhn.redhat.com/errata/RHSA-2015-1417.html
www.debian.org/security/2015/dsa-3214
www.securityfocus.com/bid/73922
www.securitytracker.com/id/1032033
www.ubuntu.com/usn/USN-2558-1
bugs.launchpad.net/mailman/+bug/1437145
mail.python.org/pipermail/mailman-announce/2015-March/000209.html
mail.python.org/pipermail/mailman-developers/2015-March/024871.html
mail.python.org/pipermail/mailman-developers/2015-March/024875.html