Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-12137

Опубликовано: 24 фев. 2020
Источник: redhat
CVSS3: 6.1

Описание

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5mailmanOut of support scope
Red Hat Enterprise Linux 6mailmanOut of support scope
Red Hat Enterprise Linux 7mailmanWill not fix
Red Hat Enterprise Linux 8mailmanFixedRHSA-2020:466704.11.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1830007mailman: XSS via file attachments in list archives

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-12137

CVSS3: 6.1
ubuntu
почти 6 лет назад

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

nvd логотип

CVE-2020-12137

CVSS3: 6.1
nvd
почти 6 лет назад

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

debian логотип

CVE-2020-12137

CVSS3: 6.1
debian
почти 6 лет назад

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed app ...

suse-cvrf логотип

SUSE-SU-2020:14356-1

suse-cvrf
почти 6 лет назад

Security update for mailman

github логотип

GHSA-7mvx-jp9h-p8gh

CVSS3: 6.1
github
больше 3 лет назад

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

6.1 Medium

CVSS3