Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2004-0412 — Mailman Sensitive Information Disclosure · VulnScope

CVE-2004-0412

Mailman Sensitive Information Disclosure

EPSS 3.7%

Description

Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.

How to fix CVE-2004-0412

To remediate CVE-2004-0412, upgrade the affected package to a fixed version below.

PyPI/mailman—upgrade to 2.1.5 or later

Is CVE-2004-0412 being exploited?

Low — EPSS is 3.7%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 2.1.5

References (11)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2004-0412
WEBdistro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
WEBmail.python.org/pipermail/mailman-announce/2004-May/000072.html
WEBmarc.info/?l=bugtraq&m=109034869927955&w=2

Metadata

Published: 4/29/2022
Modified: 11/28/2024

Also known as:

GHSA-hj4h-vqpq-95wgghsa

WEB

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559

WEBsecunia.com/advisories/11701

WEBsecurity.gentoo.org/glsa/glsa-200406-04.xml

WEBexchange.xforce.ibmcloud.com/vulnerabilities/16256

WEBgitlab.com/mailman

WEBwww.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051

WEBwww.securityfocus.com/bid/10412