Lucene search

PRIOn knowledge basePRION:CVE-2015-2775

HistoryApr 13, 2015 - 2:59 p.m.

Directory traversal

2015-04-1314:59:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.031 Low

EPSS

Percentile

90.7%

JSON

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a … (dot dot) in a list name.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq14.10
ubuntu_linuxeq14.04
debian_linuxeq7.0
mailmanle2.1.19
enterprise_linuxeq7.0

Name	Operator	Version
ubuntu_linux	eq	12.04
ubuntu_linux	eq	14.10
ubuntu_linux	eq	14.04
debian_linux	eq	7.0
mailman	le	2.1.19
enterprise_linux	eq	7.0

References

rhn.redhat.com/errata/RHSA-2015-1153.html

rhn.redhat.com/errata/RHSA-2015-1417.html

www.debian.org/security/2015/dsa-3214

www.securityfocus.com/bid/73922

www.securitytracker.com/id/1032033

www.ubuntu.com/usn/USN-2558-1

bugs.launchpad.net/mailman/+bug/1437145

lists.fedoraproject.org/pipermail/package-announce/2015-April/154911.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/156742.html

mail.python.org/pipermail/mailman-announce/2015-March/000209.html

mail.python.org/pipermail/mailman-developers/2015-March/024871.html

mail.python.org/pipermail/mailman-developers/2015-March/024875.html

7.5 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.031 Low

EPSS

Percentile

90.7%

JSON

Related for PRION:CVE-2015-2775