CVE-2012-2352

Severity

75%

Complexity

99%

Confidentiality

106%

The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.

The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Sympa

First reported 13 years ago

2012-05-31 17:55:00

Last updated 12 years ago

2012-08-14 03:37:00

Affected Software

Sympa 0.001

0.001

Sympa 0.002

0.002

Sympa 0.003

0.003

Sympa 0.004

0.004

Sympa 0.005

0.005

Sympa 0.006

0.006

Sympa 0.007

0.007

Sympa 0.008

0.008

Sympa 0.009

0.009

Sympa 0.010

0.010

Sympa 0.011

0.011

Sympa 1.2.0

1.2.0

Sympa 1.2.1

1.2.1

Sympa 1.2.2

1.2.2

Sympa 1.3.0

1.3.0

Sympa 1.3.1

1.3.1

Sympa 1.3.1-2

1.3.1-2

Sympa 1.3.2

1.3.2

Sympa 1.3.3

1.3.3

Sympa 1.3.4

1.3.4

Sympa 1.3.4-1

1.3.4-1

Sympa 1.4.0

1.4.0

Sympa 1.4.1

1.4.1

Sympa 1.4.2

1.4.2

Sympa 1.4.2-1

1.4.2-1

Sympa 1.5

1.5

Sympa 2.2.1b

2.2.1b

Sympa 2.2.2b

2.2.2b

Sympa 2.2.3b

2.2.3b

Sympa 2.2.4

2.2.4

Sympa 2.2.5

2.2.5

Sympa 2.2.6

2.2.6

Sympa 2.2.7

2.2.7

Sympa 2.2b

2.2b

Sympa 2.3beta

2.3

Sympa 2.3.0

2.3.0

Sympa 2.3.1

2.3.1

Sympa 2.3.2

2.3.2

Sympa 2.3.3

2.3.3

Sympa 2.3.4

2.3.4

Sympa 2.4

2.4

Sympa 2.5

2.5

Sympa 2.5.1

2.5.1

Sympa 2.5.2

2.5.2

Sympa 2.5.3b

2.5.3b

Sympa 2.5.4b

2.5.4b

Sympa 2.6

2.6

Sympa 2.6.1

2.6.1

Sympa 2.7

2.7

Sympa 2.7.1

2.7.1

Sympa 2.7.2

2.7.2

Sympa 2.7.3

2.7.3

Sympa 2.7a

2.7a

Sympa 2.7b.1

2.7b.1

Sympa 2.7b.2

2.7b.2

Sympa 2.7b.3

2.7b.3

Sympa 3.0

3.0

Sympa 3.0a

3.0a

Sympa 3.0a.1

3.0a.1

Sympa 3.0b.4

3.0b.4

Sympa 3.0b.8

3.0b.8

Sympa 3.0b.9

3.0b.9

Sympa 3.1

3.1

Sympa 3.1.1

3.1.1

Sympa 3.1b.7

3.1b.7

Sympa 3.1b.8

3.1b.8

Sympa 3.1b.9

3.1b.9

Sympa 3.1b.10

3.1b.10

Sympa 3.1b.12

3.1b.12

Sympa 3.1b.13

3.1b.13

Sympa 3.2

3.2

Sympa 3.2.1

3.2.1

Sympa 3.2.2a

3.2.2a

Sympa 3.3

3.3

Sympa 3.3.1

3.3.1

Sympa 3.3.3

3.3.3

Sympa 3.3.4b.3

3.3.4b.3

Sympa 3.3.4b.4

3.3.4b.4

Sympa 3.3.4b.5

3.3.4b.5

Sympa 3.3.4b.6

3.3.4b.6

Sympa 3.3.4b.7

3.3.4b.7

Sympa 3.3.4b.8

3.3.4b.8

Sympa 3.3.4b.9

3.3.4b.9

Sympa 3.3.5

3.3.5

Sympa 3.3.6b.1

3.3.6b.1

Sympa 3.3.6b.2

3.3.6b.2

Sympa 3.3.6b.3

3.3.6b.3

Sympa 3.3.6b.4

3.3.6b.4

Sympa 3.3.6b.5

3.3.6b.5

Sympa 3.3.6b.6

3.3.6b.6

Sympa 3.3b.3

3.3b.3

Sympa 3.3b.4

3.3b.4

Sympa 3.4

3.4

Sympa 4.0.a1

4.0.a1

Sympa 4.0.a3

4.0.a3

Sympa 4.0.a4

4.0.a4

Sympa 4.0.a5

4.0.a5

Sympa 4.0.a6

4.0.a6

Sympa 4.0.a7

4.0.a7

Sympa 4.0.a8

4.0.a8

Sympa 4.0.a9

4.0.a9

Sympa 4.0.b1

4.0.b1

Sympa 4.0.b2

4.0.b2

Sympa 4.0.b3

4.0.b3

Sympa 4.1

4.1

Sympa 4.2b.1

4.2b.1

Sympa 4.2b.3

4.2b.3

Sympa 5.0

5.0

Sympa 5.0a

5.0a

Sympa 5.0a.1

5.0a.1

Sympa 5.0b

5.0b

Sympa 5.0b.1

5.0b.1

Sympa 5.1

5.1

Sympa 5.1.2

5.1.2

Sympa 5.2

5.2

Sympa 5.2b

5.2b

Sympa 5.2b2

5.2b2

Sympa 5.3

5.3

Sympa 5.3.2

5.3.2

Sympa 5.3a.8

5.3a.8

Sympa 5.3a.9

5.3a.9

Sympa 5.3a.10

5.3a.10

Sympa 5.3b.1

5.3b.1

Sympa 5.3b.3

5.3b.3

Sympa 5.3b.4

5.3b.4

Sympa 5.3b.5

5.3b.5

Sympa 5.4

5.4

Sympa 5.4.1

5.4.1

Sympa 5.4.2

5.4.2

Sympa 5.4.3

5.4.3

Sympa 5.4a.2

5.4a.2

Sympa 5.4a.4

5.4a.4

Sympa 5.4b.1

5.4b.1

Sympa 6.0

6.0

Sympa 6.0.1

6.0.1

Sympa 6.0.2

6.0.2

Sympa 6.0.3

6.0.3

Sympa 6.0.4

6.0.4

Sympa 6.0.5

6.0.5

Sympa 6.0.6

6.0.6

Sympa 6.0b.1

6.0b.1

Sympa 6.0b.2

6.0b.2

Sympa 6.0b.3

6.0b.3

Sympa 6.0b.4

6.0b.4

Sympa 6.1.1

6.1.1

Sympa 6.1.2

6.1.2

Sympa 6.1.3

6.1.3

Sympa 6.1.4

6.1.4

Sympa 6.1.5

6.1.5

Sympa 6.1.6

6.1.6

Sympa 6.1.7

6.1.7

Sympa 6.1.8

6.1.8

Sympa 6.1.9

6.1.9

Sympa 6.1b.1

6.1b.1

Sympa 6.1b.2

6.1b.2

Sympa 6.1b.3

6.1b.3

Sympa 6.1b.4

6.1b.4

Sympa 6.1b.6

6.1b.6

References

49045

Vendor Advisory

49237

Vendor Advisory

DSA-2477

[oss-security] 20120511 CVE request: sympa (try again)

[oss-security] 20120511 Re: CVE request: sympa (try again)

[oss-security] 20120512 Re: CVE request: sympa (try again)

81890

53503

https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=6706&r2=7358&pathrev=7358

https://www.sympa.org/distribution/latest-stable/NEWS

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.