Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2011:0307
HistoryMar 01, 2011 - 12:00 a.m.

(RHSA-2011:0307) Moderate: mailman security update

2011-03-0100:00:00
access.redhat.com
12

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

69.0%

JSON

Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed
usernames of subscribed users on certain pages. If a user who is subscribed
to a mailing list were able to trick a victim into visiting one of those
pages, they could perform a cross-site scripting (XSS) attack against the
victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed
mailing list information. A mailing list administrator could use this flaw
to conduct a cross-site scripting (XSS) attack against victims viewing a
list’s “listinfo” page. (CVE-2008-0564, CVE-2010-3089)

Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and
CVE-2010-3089 issues.

Users of mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat5srcmailman< 2.1.9-6.el5_6.1mailman-2.1.9-6.el5_6.1.src.rpm
RedHat5x86_64mailman< 2.1.9-6.el5_6.1mailman-2.1.9-6.el5_6.1.x86_64.rpm
RedHat5ia64mailman< 2.1.9-6.el5_6.1mailman-2.1.9-6.el5_6.1.ia64.rpm
RedHatanyx86_64mailman< 2.1.5.1-34.rhel4.7mailman-2.1.5.1-34.rhel4.7.x86_64.rpm
RedHatanyppcmailman< 2.1.5.1-34.rhel4.7mailman-2.1.5.1-34.rhel4.7.ppc.rpm
RedHatanys390xmailman< 2.1.5.1-34.rhel4.7mailman-2.1.5.1-34.rhel4.7.s390x.rpm
RedHatanysrcmailman< 2.1.5.1-34.rhel4.7mailman-2.1.5.1-34.rhel4.7.src.rpm
RedHatanyia64mailman< 2.1.5.1-34.rhel4.7mailman-2.1.5.1-34.rhel4.7.ia64.rpm
RedHatanyi386mailman< 2.1.5.1-34.rhel4.7mailman-2.1.5.1-34.rhel4.7.i386.rpm
RedHat5i386mailman< 2.1.9-6.el5_6.1mailman-2.1.9-6.el5_6.1.i386.rpm
Rows per page:
1-10 of 131

Related

nessus 37
openvas 52
oraclelinux 2
centos 1
fedora 7
osv 1
ubuntu 2
debian 1
redhat 1
securityvulns 10
veracode 3
freebsd 3
prion 4
altlinux 2
debiancve 3
cve 4
ubuntucve 3
threatpost 1
nessus
nessus
CentOS 4 / 5 : mailman (CESA-2011:0307)
2011-03-03 00:00:00
Scientific Linux Security Update : mailman on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 4 / 5 : mailman (RHSA-2011:0307)
2011-03-02 00:00:00
openvas
openvas
RedHat Update for mailman RHSA-2011:0307-01
2011-03-07 00:00:00
CentOS Update for mailman CESA-2011:0307 centos5 x86_64
2012-07-30 00:00:00
CentOS Update for mailman CESA-2011:0307 centos5 x86_64
2012-07-30 00:00:00
oraclelinux
oraclelinux
mailman security update
2011-03-02 00:00:00
mailman security update
2011-03-01 00:00:00
centos
centos
mailman security update
2011-03-03 03:36:16
fedora
fedora
[SECURITY] Fedora 13 Update: mailman-2.1.12-17.fc13
2011-03-21 20:56:57
[SECURITY] Fedora 14 Update: mailman-2.1.13-7.fc14
2011-03-21 21:00:30
[SECURITY] Fedora 7 Update: mailman-2.1.9-5.3
2008-02-13 15:10:18
osv
osv
mailman - several vulnerabilities
2011-02-18 00:00:00
ubuntu
ubuntu
Mailman vulnerabilities
2011-02-22 00:00:00
mailman vulnerability
2008-03-15 00:00:00
debian
debian
[SECURITY] [DSA 2170-1] mailman security update
2011-02-20 12:00:06
redhat
redhat
(RHSA-2011:0308) Moderate: mailman security update
2011-03-01 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2011-02-26 00:00:00
Mailman crossite scripting
2008-02-16 00:00:00
rPSA-2008-0056-1 mailman
2008-02-16 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:53:46
Cross-site Scripting (XSS)
2020-04-10 00:53:46
Cross-site Scripting (XSS)
2020-04-10 00:53:46
freebsd
freebsd
mailman -- script insertion vulnerability
2008-02-05 00:00:00
mailman -- XSS vulnerability
2011-02-13 00:00:00
Mailman -- cross-site scripting in web interface
2010-09-14 00:00:00
prion
prion
Cross site scripting
2011-02-22 19:00:00
Cross site scripting
2010-09-15 20:00:00
Cross site scripting
2008-02-05 02:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package mailman version 5:2.1.10-alt0.3
2008-02-23 00:00:00
Security fix for the ALT Linux 9 package mailman version 5:2.1.15-alt0.2
2012-10-17 00:00:00
debiancve
debiancve
CVE-2011-0707
2011-02-22 19:00:00
CVE-2010-3089
2010-09-15 20:00:00
CVE-2008-0564
2008-02-05 02:00:00
cve
cve
CVE-2011-0707
2011-02-22 19:00:00
CVE-2010-3089
2010-09-15 20:00:00
CVE-2008-0564
2008-02-05 02:00:00
ubuntucve
ubuntucve
CVE-2011-0707
2011-02-18 00:00:00
CVE-2010-3089
2010-09-15 00:00:00
CVE-2008-0564
2008-02-05 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

69.0%

JSON
Related for RHSA-2011:0307
nessus37openvas52oraclelinux2centos1fedora7osv1ubuntu2debian1redhat1securityvulns10veracode3freebsd3prion4altlinux2debiancve3cve4ubuntucve3threatpost1