CVE-2011-0707 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 84%

Vendor	Product	Version
gnu	mailman	𝑥 ≤ 2.1.14
gnu	mailman	1.0
gnu	mailman	1.1
gnu	mailman	2.0
gnu	mailman	2.0:beta3
gnu	mailman	2.0:beta4
gnu	mailman	2.0:beta5
gnu	mailman	2.0.1
gnu	mailman	2.0.2
gnu	mailman	2.0.3
gnu	mailman	2.0.4
gnu	mailman	2.0.5
gnu	mailman	2.0.6
gnu	mailman	2.0.7
gnu	mailman	2.0.8
gnu	mailman	2.0.9
gnu	mailman	2.0.10
gnu	mailman	2.0.11
gnu	mailman	2.0.12
gnu	mailman	2.0.13
gnu	mailman	2.0.14
gnu	mailman	2.1
gnu	mailman	2.1:alpha
gnu	mailman	2.1:beta
gnu	mailman	2.1:stable
gnu	mailman	2.1.1
gnu	mailman	2.1.1:beta1
gnu	mailman	2.1.2
gnu	mailman	2.1.3
gnu	mailman	2.1.4
gnu	mailman	2.1.5
gnu	mailman	2.1.5.8
gnu	mailman	2.1.6
gnu	mailman	2.1.7
gnu	mailman	2.1.8
gnu	mailman	2.1.9
gnu	mailman	2.1.10
gnu	mailman	2.1.11
gnu	mailman	2.1.11:rc1
gnu	mailman	2.1.11:rc2
gnu	mailman	2.1.12
gnu	mailman	2.1.13
gnu	mailman	2.1.13:rc1
gnu	mailman	2.1.14:rc1
gnu	mailman	2.1b1:b1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mailman

maverick	Fixed 1:2.1.13-4ubuntu0.2 released
lucid	Fixed 1:2.1.13-1ubuntu0.2 released
karmic	Fixed 1:2.1.12-2ubuntu0.2 released
hardy	Fixed 1:2.1.9-9ubuntu1.4 released
dapper	Fixed 2.1.5-9ubuntu4.4 released

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056399.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html

http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html

http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html

http://osvdb.org/70936

http://secunia.com/advisories/43294

http://secunia.com/advisories/43389

http://secunia.com/advisories/43425

http://secunia.com/advisories/43549

http://secunia.com/advisories/43580

http://secunia.com/advisories/43829

http://support.apple.com/kb/HT5002

http://www.debian.org/security/2011/dsa-2170

http://www.mandriva.com/security/advisories?name=MDVSA-2011:036

http://www.redhat.com/support/errata/RHSA-2011-0307.html

http://www.redhat.com/support/errata/RHSA-2011-0308.html

http://www.securityfocus.com/bid/46464

http://www.securitytracker.com/id?1025106

http://www.ubuntu.com/usn/USN-1069-1

http://www.vupen.com/english/advisories/2011/0435

http://www.vupen.com/english/advisories/2011/0436

http://www.vupen.com/english/advisories/2011/0460

http://www.vupen.com/english/advisories/2011/0487

http://www.vupen.com/english/advisories/2011/0542

http://www.vupen.com/english/advisories/2011/0720

https://exchange.xforce.ibmcloud.com/vulnerabilities/65538

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056399.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html

http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html

http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html

http://osvdb.org/70936

http://secunia.com/advisories/43294

http://secunia.com/advisories/43389

http://secunia.com/advisories/43425

http://secunia.com/advisories/43549

http://secunia.com/advisories/43580

http://secunia.com/advisories/43829

http://support.apple.com/kb/HT5002

http://www.debian.org/security/2011/dsa-2170

http://www.mandriva.com/security/advisories?name=MDVSA-2011:036

http://www.redhat.com/support/errata/RHSA-2011-0307.html

http://www.redhat.com/support/errata/RHSA-2011-0308.html

http://www.securityfocus.com/bid/46464

http://www.securitytracker.com/id?1025106

http://www.ubuntu.com/usn/USN-1069-1

http://www.vupen.com/english/advisories/2011/0435

http://www.vupen.com/english/advisories/2011/0436

http://www.vupen.com/english/advisories/2011/0460

http://www.vupen.com/english/advisories/2011/0487

http://www.vupen.com/english/advisories/2011/0542

http://www.vupen.com/english/advisories/2011/0720

https://exchange.xforce.ibmcloud.com/vulnerabilities/65538