CVE-2012-3536 - OpenCVE

Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Hupa

Configuration 1 [-]

cpe:2.3:a:apache:hupa:*:*:*:*:*:*:*:*

References

Link	Resource
http://svn.apache.org/viewvc?view=revision&revision=1373762	Issue Tracking Vendor Advisory
https://james.apache.org/hupa/index.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2018-02-26T00:00:00

Updated: 2018-02-27T18:57:01

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3536

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-02-27T19:29:00.280

Modified: 2018-03-16T17:39:29.620

Link: CVE-2012-3536

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Apache Hupa", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "Hupa versions prior to 0.0.3"}]}], "datePublic": "2018-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3."}], "problemTypes": [{"descriptions": [{"description": "XSS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-27T18:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://james.apache.org/hupa/index.html"}, {"tags": ["x_refsource_MISC"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1373762"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-02-26T00:00:00", "ID": "CVE-2012-3536", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Hupa", "version": {"version_data": [{"version_value": "Hupa versions prior to 0.0.3"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "XSS"}]}]}, "references": {"reference_data": [{"name": "https://james.apache.org/hupa/index.html", "refsource": "MISC", "url": "https://james.apache.org/hupa/index.html"}, {"name": "http://svn.apache.org/viewvc?view=revision&revision=1373762", "refsource": "MISC", "url": "http://svn.apache.org/viewvc?view=revision&revision=1373762"}]}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2012-3536", "datePublished": "2018-02-26T00:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2018-02-27T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hupa:*:*:*:*:*:*:*:*", "matchCriteriaId": "457E0F4F-5999-4A85-8016-52BD2B9B8A1E", "versionEndExcluding": "0.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3."}, {"lang": "es", "value": "Se han solucionado dos vulnerabilidades de Cross-Site Scripting (XSS) en la lista y vista de mensaje en la aplicaci\u00f3n Hupa Webmail del proyecto Apache James. Un atacante podr\u00eda enviar un email cuidadosamente manipulado a un usuario de Hupa, que desencadenar\u00eda un Cross-Site Scripting (XSS) cuando el email se abriese o cuando se visualizase una lista de mensajes. Este problema se ha abordado en Hupa 0.0.3."}], "id": "CVE-2012-3536", "lastModified": "2018-03-16T17:39:29.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-27T19:29:00.280", "references": [{"source": "security@apache.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1373762"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://james.apache.org/hupa/index.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}