Metric | Value |
---|---|
CVSS2 | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
EPSS | 0.004 Low |
EPSS Percentile | 71.1% |

Mailman manages electronic mail discussion and e-newsletter lists.

A cross-site scripting (XSS) flaw in the driver script of Mailman prior to
version 2.1.5 could allow remote attackers to execute scripts as other web
users. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1177 to this issue.

Users of Mailman should update to this erratum package, which corrects this
issue by turning on STEALTH_MODE by default and using Utils.websafe() to
quote the HTML.
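
The two parts of the fix described above, sketched as an added example (not Mailman's code and not part of the advisory). It assumes an error page that echoes request data; `websafe` here is a stand-in built on `html.escape`, and the function names, `GENERIC_PAGE` and the sample request are hypothetical, constructed values.

```python
import html

def websafe(s):
    # Assumption: stand-in for the Utils.websafe() named in the advisory,
    # implemented here with the standard library's html.escape().
    return html.escape(str(s), quote=True)

# Hypothetical generic page shown when stealth mode is on.
GENERIC_PAGE = "<h2>Internal error</h2><p>Please contact the site administrator.</p>"

# Constructed sample input: a request whose path carries HTML markup.
MARKER = "<script>x</script>"
SAMPLE_ENVIRON = {"PATH_INFO": "/listinfo/" + MARKER, "REQUEST_METHOD": "GET"}
SAMPLE_DETAILS = 'KeyError: "' + MARKER + '"'

def _table(environ, quote):
    # Render the environment as table rows, passing each cell through `quote`.
    rows = ("<tr><td>%s</td><td>%s</td></tr>" % (quote(k), quote(v))
            for k, v in sorted(environ.items()))
    return "<table>" + "".join(rows) + "</table>"

def render_error_unsafe(details, environ):
    """'Before' shape: diagnostics echoed into the page without quoting."""
    return "<pre>%s</pre>%s" % (details, _table(environ, str))

def render_error_hardened(details, environ, stealth_mode=True):
    """'After' shape: no diagnostics by default; quoted when enabled."""
    if stealth_mode:
        return GENERIC_PAGE
    return "<pre>%s</pre>%s" % (websafe(details), _table(environ, websafe))

if __name__ == "__main__":
    print(render_error_unsafe(SAMPLE_DETAILS, SAMPLE_ENVIRON))
    print(render_error_hardened(SAMPLE_DETAILS, SAMPLE_ENVIRON, stealth_mode=False))
    print(render_error_hardened(SAMPLE_DETAILS, SAMPLE_ENVIRON))
```

With stealth mode on, nothing request-derived reaches the page at all; quoting is the second layer that still holds if an administrator switches diagnostics back on.
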
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | any | src | mailman | < 2.1.5-33.rhel4 | mailman-2.1.5-33.rhel4.src.rpm |
RedHat | any | x86_64 | mailman | < 2.1.5-33.rhel4 | mailman-2.1.5-33.rhel4.x86_64.rpm |
RedHat | any | ppc | mailman | < 2.1.5-33.rhel4 | mailman-2.1.5-33.rhel4.ppc.rpm |
RedHat | any | i386 | mailman | < 2.1.5-33.rhel4 | mailman-2.1.5-33.rhel4.i386.rpm |
RedHat | any | s390 | mailman | < 2.1.5-33.rhel4 | mailman-2.1.5-33.rhel4.s390.rpm |
RedHat | any | s390x | mailman | < 2.1.5-33.rhel4 | mailman-2.1.5-33.rhel4.s390x.rpm |
RedHat | any | ia64 | mailman | < 2.1.5-33.rhel4 | mailman-2.1.5-33.rhel4.ia64.rpm |