CVE-2015-2775

Опубликовано: 13 апр. 2015

Источник: debian

EPSS Средний

Описание

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mailman	fixed	1:2.1.18-2		package

Примечания

https://bugs.launchpad.net/mailman/+bug/1437145
https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html

EPSS

Процентиль: 93%

0.10677

Средний

Связанные уязвимости

CVE-2015-2775

ubuntu

около 10 лет назад

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

CVE-2015-2775

redhat

около 10 лет назад

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

CVE-2015-2775

nvd

около 10 лет назад

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

GHSA-rhjr-qgg7-67wg

github

около 3 лет назад

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

ELSA-2015-1153

oracle-oval

почти 10 лет назад

ELSA-2015-1153: mailman security and bug fix update (MODERATE)

EPSS

Процентиль: 93%

0.10677

Средний