Vulnerability Name: | CVE-2004-1143 (CCN-18857) |
Assigned: | 2004-12-31 |
Published: | 2004-12-31 |
Updated: | 2017-07-11 |
Summary: | The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
|
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): Low Integrity (I): Low Availibility (A): Low |
|
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial |
|
Vulnerability Type: | CWE-Other
|
Vulnerability Consequences: | Obtain Information |
References: | Source: CONFIRM Type: Patch http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796
Source: MITRE Type: CNA CVE-2004-1143
Source: BUGTRAQ Type: UNKNOWN 20050110 [USN-59-1] mailman vulnerabilities
Source: CCN Type: SA13603 Mailman Cross-Site Scripting and Weak Password Generation
Source: SECUNIA Type: UNKNOWN 13603
Source: CCN Type: Mailman Web site Project: Mailman: File List
Source: SUSE Type: UNKNOWN SUSE-SA:2005:007
Source: CCN Type: OSVDB ID: 12854 Mailman Error Page XSS
Source: CCN Type: BID-12243 GNU Mailman Multiple Remote Vulnerabilities
Source: XF Type: UNKNOWN mailman-weak-encryption(18857)
Source: XF Type: UNKNOWN mailman-weak-encryption(18857)
Source: SUSE Type: SUSE-SA:2005:007 mailman: remote file disclosure
|
Vulnerable Configuration: | Configuration 1: cpe:/a:gnu:mailman:1.0:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:1.1:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0:beta3:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0:beta4:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0:beta5:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.1:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.2:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.3:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.4:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.5:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.6:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.7:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.8:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.9:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.10:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.11:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.12:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.13:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.1:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.1.1:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.1.2:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.1.3:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.1.4:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.1b1:*:*:*:*:*:*:* Configuration CCN 1: cpe:/a:gnu:mailman:2.1:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:1.0:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:1.1:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.1:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.10:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.11:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.12:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.13:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.2:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.3:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.4:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.5:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.6:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.7:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.8:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0.9:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0:beta3:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0:beta4:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.0:beta5:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.1.1:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.1.2:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.1.3:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.1.4:*:*:*:*:*:*:*OR cpe:/a:gnu:mailman:2.1b1:*:*:*:*:*:*:*AND cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
Denotes that component is vulnerable |
BACK |