Sympa Unauthorised List Creation Security Issue Network Vulnerability

Summary

The remote host seems to be running sympa, an open source mailing list software. This version of Sympa has an authentication flaw within the web interface. An attacker, exploiting this flaw, would be able to bypass security mechanisms resulting in the ability to perform listmaster functions remotely.

Solution

Update to version 4.1.2 or newer

References

http://www.sympa.org/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
Apache Struts Cross Site Scripting Vulnerability
Adobe ColdFusion HTTP Response Splitting Vulnerability
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability

Sympa unauthorised list creation security issue

Take action and discover your vulnerabilities