Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-3118-1
HistoryNov 01, 2016 - 12:00 a.m.

Mailman vulnerabilities

2016-11-0100:00:00
ubuntu.com
50

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON

Releases

  • Ubuntu 16.10
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04

Packages

  • mailman - Powerful, web-based mailing list manager

Details

It was discovered that the Mailman administrative web interface did not
protect against cross-site request forgery (CSRF) attacks. If an
authenticated user were tricked into visiting a malicious website while
logged into Mailman, a remote attacker could perform administrative
actions. This issue only affected Ubuntu 12.04 LTS. (CVE-2016-7123)

Nishant Agarwala discovered that the Mailman user options page did not
protect against cross-site request forgery (CSRF) attacks. If an
authenticated user were tricked into visiting a malicious website while
logged into Mailman, a remote attacker could modify user options.
(CVE-2016-6893)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.10noarchmailman< 1:2.1.22-1ubuntu0.1UNKNOWN
Ubuntu16.10noarchmailman-dbgsym< 1:2.1.22-1ubuntu0.1UNKNOWN
Ubuntu16.04noarchmailman< 1:2.1.20-1ubuntu0.1UNKNOWN
Ubuntu16.04noarchmailman-dbgsym< 1:2.1.20-1ubuntu0.1UNKNOWN
Ubuntu14.04noarchmailman< 1:2.1.16-2ubuntu0.2UNKNOWN
Ubuntu14.04noarchmailman-dbgsym< 1:2.1.16-2ubuntu0.2UNKNOWN
Ubuntu12.04noarchmailman< 1:2.1.14-3ubuntu0.4UNKNOWN
Ubuntu12.04noarchmailman-dbgsym< 1:2.1.14-3ubuntu0.4UNKNOWN

Related

nessus 22
openvas 13
cvelist 2
redhatcve 2
nvd 2
prion 2
ubuntucve 2
debian 2
veracode 1
cve 2
debiancve 2
freebsd 2
mageia 1
fedora 2
altlinux 1
amazon 2
osv 1
oraclelinux 1
redhat 1
centos 1
rosalinux 1
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : Mailman vulnerabilities (USN-3118-1)
2016-11-02 00:00:00
RHEL 6 : mailman (Unpatched Vulnerability)
2024-06-03 00:00:00
FreeBSD : mailman -- CSRF hardening in parts of the web interface (9e50dcc3-740b-11e6-94a2-080027ef73ec)
2016-09-08 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3118-1)
2016-11-08 00:00:00
Debian: Security Advisory (DSA-3668-1)
2016-09-14 00:00:00
Debian: Security Advisory (DLA-608-1)
2023-03-08 00:00:00
cvelist
cvelist
CVE-2016-7123
2016-09-02 14:00:00
CVE-2016-6893
2016-09-02 14:00:00
redhatcve
redhatcve
CVE-2016-7123
2016-09-05 10:18:57
CVE-2016-6893
2016-08-25 12:18:50
nvd
nvd
CVE-2016-7123
2016-09-02 14:59:10
CVE-2016-6893
2016-09-02 14:59:09
prion
prion
Cross site request forgery (csrf)
2016-09-02 14:59:00
Cross site request forgery (csrf)
2016-09-02 14:59:00
ubuntucve
ubuntucve
CVE-2016-6893
2016-09-02 00:00:00
CVE-2016-7123
2016-09-02 00:00:00
debian
debian
[SECURITY] [DSA 3668-1] mailman security update
2016-09-15 12:13:33
[SECURITY] [DLA 608-1] mailman security update
2016-09-02 09:01:58
veracode
veracode
Cross-site Request Forgery (CSRF)
2020-12-06 04:46:32
cve
cve
CVE-2016-6893
2016-09-02 14:59:09
CVE-2016-7123
2016-09-02 14:59:10
debiancve
debiancve
CVE-2016-7123
2016-09-02 14:59:10
CVE-2016-6893
2016-09-02 14:59:09
freebsd
freebsd
mailman -- CSRF hardening in parts of the web interface
2011-05-02 00:00:00
mailman -- CSRF protection enhancements
2016-08-19 00:00:00
mageia
mageia
Updated mailman package fixes security vulnerability
2016-10-18 21:43:39
fedora
fedora
[SECURITY] Fedora 28 Update: mailman-2.1.26-1.fc28
2018-04-09 13:29:49
[SECURITY] Fedora 27 Update: mailman-2.1.21-8.fc27
2018-03-16 16:45:42
altlinux
altlinux
Security fix for the ALT Linux 9 package mailman version 5:2.1.23-alt0.1.20160915
2016-09-24 00:00:00
amazon
amazon
Medium: mailman
2018-04-05 16:46:00
Important: mailman
2022-01-18 21:37:00
osv
osv
mailman-2.1.23-1.2 on GA media
2024-06-15 00:00:00
oraclelinux
oraclelinux
mailman security update
2021-12-03 00:00:00
redhat
redhat
(RHSA-2021:4913) Important: mailman security update
2021-12-02 15:34:51
centos
centos
mailman security update
2021-12-02 23:53:20
rosalinux
rosalinux
Advisory ROSA-SA-2021-1913
2021-07-02 17:27:17

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON
Related for USN-3118-1
nessus22openvas13cvelist2redhatcve2nvd2prion2ubuntucve2debian2veracode1cve2debiancve2freebsd2mageia1fedora2altlinux1amazon2osv1oraclelinux1redhat1centos1rosalinux1