正文

GNU Mailman Pipermail Index Summary HTML注入漏洞

admin
admin V管理员 /0 评论 /6 阅读
1231
此篇文章发布距今已超过1259天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

GNU Mailman Pipermail Index Summary HTML注入漏洞

  • CNNVD编号:CNNVD-200206-050
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2002-0388
  • 漏洞类型: 跨站脚本
  • 发布时间: 2002-06-18
  • 威胁类型: 远程
  • 更新时间: 2009-07-21
  • 厂        商: gnu
  • 漏洞来源: Discovery of this ...

漏洞简介

Mailman before 2.0.11版本存在跨站脚本漏洞。远程攻击者借助1)admin登录页面,或者(2)Pipermail索引摘要执行脚本。

漏洞公告

Debian has released an advisory which addresses this issue. See the attached advisory for details on obtaining fixes. Upgrades are available: GNU Mailman 2.0.1

  • GNU mailman-2.0.12.tgz http://prdownloads.sourceforge.net/mailman/mailman-2.0.12.tgz
GNU Mailman 2.0.10
  • GNU mailman-2.0.12.tgz http://prdownloads.sourceforge.net/mailman/mailman-2.0.12.tgz
GNU Mailman 2.0.2
  • GNU mailman-2.0.12.tgz http://prdownloads.sourceforge.net/mailman/mailman-2.0.12.tgz
GNU Mailman 2.0.3
  • GNU mailman-2.0.12.tgz http://prdownloads.sourceforge.net/mailman/mailman-2.0.12.tgz
GNU Mailman 2.0.4
  • GNU mailman-2.0.12.tgz http://prdownloads.sourceforge.net/mailman/mailman-2.0.12.tgz
GNU Mailman 2.0.5
  • GNU mailman-2.0.12.tgz http://prdownloads.sourceforge.net/mailman/mailman-2.0.12.tgz
GNU Mailman 2.0.6
  • GNU mailman-2.0.12.tgz http://prdownloads.sourceforge.net/mailman/mailman-2.0.12.tgz
GNU Mailman 2.0.7
  • GNU mailman-2.0.12.tgz http://prdownloads.sourceforge.net/mailman/mailman-2.0.12.tgz
GNU Mailman 2.0.8
  • Conectiva mailman-2.0.11-1U8_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/mailman-2.0.11-1U8_1cl.i386 .rpm
  • Conectiva mailman-2.0.11-1U8_1cl.src.rpmSource RPM. ftp://atualizacoes.conectiva.com.br/8/SRPMS/mailman-2.0.11-1U8_1cl.src .rpm
  • Conectiva mailman-2.0.11-2U60_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mailman-2.0.11-2U60_1cl.i 386.rpm
  • Conectiva mailman-2.0.11-2U60_1cl.src.rpmSource RPM. ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/mailman-2.0.11-2U60_1cl. src.rpm
  • Conectiva mailman-2.0.11-2U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mailman-2.0.11-2U70_1cl.i 386.rpm
  • Conectiva mailman-2.0.11-2U70_1cl.src.rpmSource RPM. ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/mailman-2.0.11-2U70_1cl. src.rpm
  • GNU mailman-2.0.12.tgz http://prdownloads.sourceforge.net/mailman/mailman-2.0.12.tgz
  • Red Hat mailman-2.0.11-0.7.1.alpha.rpm ftp://updates.redhat.com/7.1/en/powertools/alpha/mailman-2.0.11-0.7.1. alpha.rpm
  • Red Hat mailman-2.0.11-0.7.1.i386.rpm ftp://updates.redhat.com/7.1/en/powertools/i386/mailman-2.0.11-0.7.1.i 386.rpm
  • Red Hat mailman-2.0.11-0.7.1.src.rpmSource RPM. ftp://updates.redhat.com/7.1/en/powertools/SRPMS/mailman-2.0.11-0.7.1. src.rpm
  • Red Hat mailman-2.0.11-0.7.alpha.rpm ftp://updates.redhat.com/7.0/en/powertools/alpha/mailman-2.0.11-0.7.al pha.rpm
  • Red Hat mailman-2.0.11-0.7.i386.rpm ftp://updates.redhat.com/7.0/en/powertools/i386/mailman-2.0.11-0.7.i38 6.rpm
  • Red Hat mailman-2.0.11-0.7.src.rpmSource RPM. ftp://updates.redhat.com/7.0/en/powertools/SRPMS/mailman-2.0.11-0.7.sr c.rpm
  • Red Hat mailman-2.0.11-1.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/mailman-2.0.11-1.i386.rpm
  • Red Hat mailman-2.0.11-1.i386.rpm ftp://updates.redhat.com/7.3/en/os/i386/mailman-2.0.11-1.i386.rpm
  • Red Hat mailman-2.0.11-1.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/mailman-2.0.11-1.ia64.rpm
  • Red Hat mailman-2.0.11-1.src.rpmSource RPM. ftp://updates.redhat.com/7.2/en/os/SRPMS/mailman-2.0.11-1.src.rpm
  • Red Hat mailman-2.0.11-1.src.rpmSource RPM. ftp://updates.redhat.com/7.3/en/os/SRPMS/mailman-2.0.11-1.src.rpm
GNU Mailman 2.0.9
  • GNU mailman-2.0.12.tgz http://prdownloads.sourceforge.net/mailman/mailman-2.0.12.tgz

参考网址

来源: mail.python.org 链接:http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html 来源: BID 名称: 4826 链接:http://www.securityfocus.com/bid/4826

受影响实体

  • Gnu Mailman:2.0.11  
    <!--
    2000-1-1
    -->
  • Gnu Mailman:2.0.11  
    <!--
    2000-1-1
    -->

补丁

    暂无