CVE-2004-1177

Published Jan 10, 2005

Last updated 7 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Vendor comments

Red HatThis issue did not affect the versions of mailman shipped with Red Hat Enterprise Linux 2.1, 3, or 4. In addition, we believe this issue does not apply to the 2.0.x versions of mailman due to setting of STEALTH_MODE

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gnu:mailman:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46CF8999-445E-4E03-89F1-81669F9F93D8"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D965E3E-E08C-40EA-AF66-470F473F0262"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64179C1D-C96F-431F-AD80-CBCA77CB9E53"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC6B30F6-70A8-43C7-BA5C-6DD8A6ED829D"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "767101D3-ABB0-4D34-AA28-75F78A392F39"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEB60D06-E9D0-4949-8542-334D180F491D"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F884774-D1A1-42A6-A3FE-9B0500725666"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C56B981-FD66-46F2-806A-3FFDEC520482"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E3E1994-6CAC-48E9-8438-0D894A76FE66"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB8742B0-A91D-457D-BF57-06AFC5219BF9"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F04EDBE-4B04-4B4C-A2BE-5286AC7C8952"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "615566E3-9EBD-49B3-9727-0883D3F0334B"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F59D0CCF-3CD0-4D99-B1F1-38F331422801"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FADF5CE8-D072-4CFE-8A96-BA86187B478B"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72278005-5F2A-4459-8813-DF7EC2D1F063"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E39A909-E266-4BA9-87C6-DE26052433E9"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABA16FD9-0625-4D3D-9F10-130A28C88DA2"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE33EFBF-E155-4C3B-93CC-63AA1266A8A2"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78F2FB70-7EB9-4AA7-9E85-C151C3CC8104"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "085C333C-E2E7-4ACD-9CC8-C37C67725954"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References