CVE-2012-2352

Published: 31/05/2012 Updated: 14/08/2012
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa prior to 6.1.11 does not check permissions, which allows remote malicious users to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.

Vulnerable Product

sympa sympa 6.1.6

sympa sympa 6.1.5

sympa sympa 6.0.4

sympa sympa 6.1b.4

sympa sympa 6.0

sympa sympa 6.0b.4

sympa sympa 5.4

sympa sympa 5.4b.1

sympa sympa 5.3b.1

sympa sympa 5.3a.10

sympa sympa 5.1

sympa sympa 5.0

sympa sympa 4.1

sympa sympa 4.0.b3

sympa sympa 4.0.b2

sympa sympa 4.0.a4

sympa sympa 4.0.a3

sympa sympa 3.3.6b.2

sympa sympa 3.3.6b.1

sympa sympa 3.3.4b.3

sympa sympa 3.3.3

sympa sympa 3.2

sympa sympa 3.1.1

sympa sympa 3.1b.7

sympa sympa 3.0

sympa sympa 2.7.1

sympa sympa 2.7

sympa sympa 2.5.4b

sympa sympa 2.5.3b

sympa sympa 2.3.2

sympa sympa 2.3.1

sympa sympa 2.2.3b

sympa sympa 2.2.1b

sympa sympa 1.3.4-1

sympa sympa 1.3.4

sympa sympa 1.2.1

sympa sympa 1.2.0

sympa sympa 0.004

sympa sympa 0.003

sympa sympa

sympa sympa 6.1.9

sympa sympa 6.1.2

sympa sympa 6.1.1

sympa sympa 6.0.6

sympa sympa 6.1b.1

sympa sympa 6.0.3

sympa sympa 6.0b.1

sympa sympa 5.4.3

sympa sympa 5.3

sympa sympa 5.3b.5

sympa sympa 5.2

sympa sympa 5.2b2

sympa sympa 5.0a.1

sympa sympa 5.0a

sympa sympa 4.0.a8

sympa sympa 4.0.a7

sympa sympa 3.3.6b.6

sympa sympa 3.3.6b.5

sympa sympa 3.3.4b.8

sympa sympa 6.1.8

sympa sympa 6.1.7

sympa sympa 6.1b.6

sympa sympa 6.0.5

sympa sympa 6.0.2

sympa sympa 6.0.1

sympa sympa 5.4.2

sympa sympa 5.4.1

sympa sympa 5.3b.4

sympa sympa 5.3b.3

sympa sympa 5.2b

sympa sympa 5.1.2

sympa sympa 4.2b.3

sympa sympa 4.2b.1

sympa sympa 4.0.a6

sympa sympa 4.0.a5

sympa sympa 3.3.6b.4

sympa sympa 3.3.6b.3

sympa sympa 3.3.4b.6

sympa sympa 3.3.4b.5

sympa sympa 3.3.4b.4

sympa sympa 3.2.2a

sympa sympa 3.2.1

sympa sympa 3.1b.9

sympa sympa 3.1b.8

sympa sympa 2.7.3

sympa sympa 2.7.2

sympa sympa 2.6.1

sympa sympa 2.6

sympa sympa 2.3.4

sympa sympa 2.3.3

sympa sympa 2.2.4

sympa sympa 2.2.2b

sympa sympa 1.4.1

sympa sympa 1.4.0

sympa sympa 1.3.0

sympa sympa 1.2.2

sympa sympa 0.006

sympa sympa 0.005

sympa sympa 3.3.4b.7

sympa sympa 3.3b.4

sympa sympa 3.3b.3

sympa sympa 3.1b.12

sympa sympa 3.1b.10

sympa sympa 3.0b.4

sympa sympa 3.0a.1

sympa sympa 3.0a

sympa sympa 2.7b.1

sympa sympa 2.7a

sympa sympa 2.5

sympa sympa 2.4

sympa sympa 2.2.7

sympa sympa 2.2.6

sympa sympa 2.2.5

sympa sympa 1.4.2-1

sympa sympa 1.4.2

sympa sympa 1.3.1-2

sympa sympa 1.3.1

sympa sympa 0.008

sympa sympa 0.007

sympa sympa 6.1.4

sympa sympa 6.1.3

sympa sympa 6.1b.3

sympa sympa 6.1b.2

sympa sympa 6.0b.3

sympa sympa 6.0b.2

sympa sympa 5.4a.4

sympa sympa 5.4a.2

sympa sympa 5.3.2

sympa sympa 5.3a.9

sympa sympa 5.3a.8

sympa sympa 5.0b.1

sympa sympa 5.0b

sympa sympa 4.0.b1

sympa sympa 4.0.a9

sympa sympa 4.0.a1

sympa sympa 3.4

sympa sympa 3.3.5

sympa sympa 3.3.4b.9

sympa sympa 3.3.1

sympa sympa 3.3

sympa sympa 3.1

sympa sympa 3.1b.13

sympa sympa 3.0b.9

sympa sympa 3.0b.8

sympa sympa 2.7b.3

sympa sympa 2.7b.2

sympa sympa 2.5.2

sympa sympa 2.5.1

sympa sympa 2.3.0

sympa sympa 2.3

sympa sympa 2.2b

sympa sympa 1.5

sympa sympa 1.3.3

sympa sympa 1.3.2

sympa sympa 0.011

sympa sympa 0.010

sympa sympa 0.009

sympa sympa 0.002

sympa sympa 0.001

Vendor Advisories

Debian Bug report logs - #672893: security: private archives available to all. Package: sympa; Maintainer for sympa is Debian Sympa team <sympa@packages.debian.org>; Source for sympa is src:sympa. Reported by: Micah Anderson <micah@debian.org>. Date: Mon, 14 May 2012 14:48:04 UTC. Severity: grave Ta ...

Several vulnerabilities have been discovered in Sympa, a mailing list manager, that allow to skip the scenario-based authorization mechanisms. This vulnerability allows to display the archives management page, and download and delete the list archives by unauthorized users. For the stable distribution (squeeze), this problem has been fixed in versi ...