OVAL

RHSA-2011:0307-01 -- Redhat mailman

ID: oval:org.secpod.oval:def:500142
Date: (C)2012-01-31   (M)2023-02-20
Class: PATCH
Family: unix




Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they could perform a cross-site scripting attack against the victim.

Multiple input sanitization flaws were found in the way Mailman displayed mailing list information. A mailing list administrator could use this flaw to conduct a cross-site scripting attack against victims viewing a list's "listinfo" page.

Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and CVE-2010-3089 issues.

Users of mailman should upgrade to this updated package, which contains backported patches to correct these issues.

Platform:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
Product:
mailman
Reference:
RHSA-2011:0307-01
CVE-2008-0564
CVE-2010-3089
CVE-2011-0707
CPE (48):
cpe:/a:gnu:mailman:2.1.1
cpe:/a:gnu:mailman:2.1.1:beta1
cpe:/a:gnu:mailman:2.0
cpe:/a:gnu:mailman:2.1.13:rc1
...

© SecPod Technologies