Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1306

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-1306
Last Modified 23 Mar 2015 10:02:22
Published 22 Jan 2015 10:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1306

Summary

The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors.

Vulnerable Systems

Application

  • Sympa 6.0.0

  • Sympa 6.0.1

  • Sympa 6.0.2

  • Sympa 6.0.3

  • Sympa 6.0.4

  • Sympa 6.0.5

  • Sympa 6.0.6

  • Sympa 6.0.7

  • Sympa 6.0.8

  • Sympa 6.0.9

  • Sympa 6.1.0

  • Sympa 6.1.1

  • Sympa 6.1.10

  • Sympa 6.1.11

  • Sympa 6.1.12

  • Sympa 6.1.13

  • Sympa 6.1.14

  • Sympa 6.1.15

  • Sympa 6.1.16

  • Sympa 6.1.17

  • Sympa 6.1.18

  • Sympa 6.1.19

  • Sympa 6.1.2

  • Sympa 6.1.20

  • Sympa 6.1.21

  • Sympa 6.1.22

  • Sympa 6.1.23

  • Sympa 6.1.3

  • Sympa 6.1.4

  • Sympa 6.1.5

  • Sympa 6.1.6

  • Sympa 6.1.7

  • Sympa 6.1.8

  • Sympa 6.1.9


References

CONFIRM - https://www.sympa.org/security_advisories

MLIST - [oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface

DEBIAN - DSA-3134

SECUNIA - 62442

SECUNIA - 62387

BID - 72277

MANDRIVA - MDVSA-2015:051

CONFIRM - http://advisories.mageia.org/MGASA-2015-0085.html


Last Updated: 27 May 2016 11:07:37