CVE-2001-0884 - OpenCVE

Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gnu	Mailman

Configuration 1 [-]

OR	cpe:2.3:a:gnu:mailman::::::::
	cpe:2.3:a:gnu:mailman:5.0:::::::*
	cpe:2.3:a:gnu:mailman:5.1:::::::*
	cpe:2.3:a:gnu:mailman:6.0:::::::*
	cpe:2.3:a:gnu:mailman:7.0:::::::*

References

Link	Resource
http://www.redhat.com/support/errata/RHSA-2001-168.html
http://www.redhat.com/support/errata/RHSA-2001-169.html
http://www.redhat.com/support/errata/RHSA-2001-170.html
http://www.securityfocus.com/advisories/3721	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/242839	Patch Vendor Advisory
http://www.securityfocus.com/bid/3602
https://exchange.xforce.ibmcloud.com/vulnerabilities/7617

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-25T04:00:00

Updated: 2001-12-25T10:00:00

Reserved: 2001-12-13T00:00:00

Link: CVE-2001-0884

JSON object: View

NVD Information

Status : Modified

Published: 2001-12-21T05:00:00.000

Modified: 2017-10-10T01:29:55.423

Link: CVE-2001-0884

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2001-12-25T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2001:169", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2001-169.html"}, {"name": "20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/242839"}, {"name": "RHSA-2001:168", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2001-168.html"}, {"name": "RHSA-2001:170", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2001-170.html"}, {"name": "mailman-java-css(7617)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7617"}, {"name": "3602", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3602"}, {"name": "CLA-2001:445", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://www.securityfocus.com/advisories/3721"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0884", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2001:169", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2001-169.html"}, {"name": "20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/242839"}, {"name": "RHSA-2001:168", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2001-168.html"}, {"name": "RHSA-2001:170", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2001-170.html"}, {"name": "mailman-java-css(7617)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7617"}, {"name": "3602", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3602"}, {"name": "CLA-2001:445", "refsource": "CONECTIVA", "url": "http://www.securityfocus.com/advisories/3721"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0884", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2001-12-13T00:00:00", "dateUpdated": "2001-12-25T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "60AD053B-1E35-4AB6-BCCC-96D571C11B37", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:mailman:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D04755F-8B82-4951-93D7-B81792387610", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:mailman:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C92A998E-585A-4D66-B985-0C5401CFF2F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:mailman:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E237A77D-A80A-4ED7-AA07-0AB765D54F7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:mailman:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BE92813-4FDE-4358-9769-E17D89BA76CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en el archivador de correo electr\u00f3nico Mailman permite a atacantes ganar informaci\u00f3n sensible o credenciales de autenticaci\u00f3n mediante un enlace malicioso que es accedido por otros usuarios web."}], "id": "CVE-2001-0884", "lastModified": "2017-10-10T01:29:55.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2001-12-21T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2001-168.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2001-169.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2001-170.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/advisories/3721"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/242839"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3602"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7617"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}