NVD:CVE-2016-6893
Sep 02, 2016 - 2:59 p.m.

CVE-2016-6893

2016-09-02 14:59:09
CWE-352
web.nvd.nist.gov

CVSS2: 6.8 Medium

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.6 High
Confidence: High

EPSS: 0.002 Low
Percentile: 61.1%

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim’s account.

Affected configurations

NVD
Node (vendor, product, matched version; entries combined with OR):
gnu mailman 2.1
gnu mailman 2.1.1
gnu mailman 2.1.2
gnu mailman 2.1.3
gnu mailman 2.1.4
gnu mailman 2.1.5
gnu mailman 2.1.6
gnu mailman 2.1.8
gnu mailman 2.1.9
gnu mailman 2.1.10
gnu mailman 2.1.10rc1
gnu mailman 2.1.10b1
gnu mailman 2.1.10b3
gnu mailman 2.1.10b4
gnu mailman 2.1.11
gnu mailman 2.1.11rc1
gnu mailman 2.1.11rc2
gnu mailman 2.1.12
gnu mailman 2.1.12rc1
gnu mailman 2.1.12rc2
gnu mailman 2.1.13
gnu mailman 2.1.13rc1
gnu mailman 2.1.14
gnu mailman 2.1.14rc1
gnu mailman 2.1.14-1
gnu mailman 2.1.15
gnu mailman 2.1.15rc1
gnu mailman 2.1.16
gnu mailman 2.1.16rc1
gnu mailman 2.1.16rc2
gnu mailman 2.1.16rc3
gnu mailman 2.1.17
gnu mailman 2.1.18
gnu mailman 2.1.18rc1
gnu mailman 2.1.18rc2
gnu mailman 2.1.18rc3
gnu mailman 2.1.18-1
gnu mailman 2.1.19
gnu mailman 2.1.19rc1
gnu mailman 2.1.19rc2
gnu mailman 2.1.19rc3
gnu mailman 2.1.20
gnu mailman 2.1.21
gnu mailman 2.1.21rc2
gnu mailman 2.1.22
gnu mailman 2.1.23
