Back to search
CVE-2012-2352
Published: May 31, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-2477
vendor-advisory
x_refsource_DEBIAN
[oss-security] 20120512 Re: CVE request: sympa (try again)
mailing-list
x_refsource_MLIST
53503
vdb-entry
x_refsource_BID
[oss-security] 20120511 CVE request: sympa (try again)
mailing-list
x_refsource_MLIST
[oss-security] 20120511 Re: CVE request: sympa (try again)
mailing-list
x_refsource_MLIST
81890
vdb-entry
x_refsource_OSVDB
https://www.sympa.org/distribution/latest-stable/NEWS
x_refsource_CONFIRM
49045
third-party-advisory
x_refsource_SECUNIA
49237
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now