CVE-2015-2775

2015-04-1314:59:02

CWE-22

mitre

web.nvd.nist.gov

cve-2015-2775

directory traversal

gnu mailman

nvd

security vulnerability

remote attackers

arbitrary files

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

High

EPSS

0.031

Percentile

91.0%

JSON

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a … (dot dot) in a list name.

Affected configurations

Nvd

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

debiandebian_linuxMatch7.0

redhatenterprise_linuxMatch7.0

Node

gnumailmanRange≤2.1.19

VendorProductVersionCPE
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
canonicalubuntu_linux14.10cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
gnumailman*cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
canonical	ubuntu_linux	14.10	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
gnu	mailman	*	cpe:2.3:a:gnu:mailman::::::::