Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0021

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2001-0021
Last Modified 05 Sep 2008 04:23:04
Published 16 Feb 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0021

Summary

MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.

Vulnerable Systems

Application

  • Endymion Mailman Webmail 3.0

  • Endymion Mailman Webmail 3.0.1

  • Endymion Mailman Webmail 3.0.10

  • Endymion Mailman Webmail 3.0.11

  • Endymion Mailman Webmail 3.0.12

  • Endymion Mailman Webmail 3.0.13

  • Endymion Mailman Webmail 3.0.14

  • Endymion Mailman Webmail 3.0.15

  • Endymion Mailman Webmail 3.0.16

  • Endymion Mailman Webmail 3.0.18

  • Endymion Mailman Webmail 3.0.19

  • Endymion Mailman Webmail 3.0.20

  • Endymion Mailman Webmail 3.0.21

  • Endymion Mailman Webmail 3.0.22

  • Endymion Mailman Webmail 3.0.23

  • Endymion Mailman Webmail 3.0.24

  • Endymion Mailman Webmail 3.0.25


References

BID - 2063

BUGTRAQ - 20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail

XF - mailman-alternate-templates

CONFIRM - http://www.endymion.com/products/mailman/history.htm


Last Updated: 27 May 2016 10:36:06