CVE-2005-0080 - The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error me

CVE-2005-0080

Summary

The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.

References

Vulnerable Configurations

cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:4.10:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:4.10:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2016 - 03:07)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20050110 [USN-59-1] mailman vulnerabilities
confirm	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839
misc	http://qa.debian.org/bts-security.html

Last major update

18-10-2016 - 03:07

Published

02-05-2005 - 04:00

Last modified

18-10-2016 - 03:07