Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2012-2352

Published: 31 May 2012

The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.

Priority

Medium

Status

Package Release Status
sympa
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
raring Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist
(trusty was not-affected [6.1.17~dfsg-1])
upstream
Released (6.1.11)
utopic Not vulnerable
(6.1.17~dfsg-1)
vivid Not vulnerable
(6.1.17~dfsg-1)
wily Not vulnerable
(6.1.17~dfsg-1)
xenial Not vulnerable
(6.1.17~dfsg-1)
yakkety Not vulnerable
(6.1.17~dfsg-1)
zesty Not vulnerable
(6.1.17~dfsg-1)