Oracle Linux 8 : mailman:2.1 (ELSA-2020-4667)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-4667 advisory. - Fix for CVE-2020-12137 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...

CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...