02 Sep 2016

CVE-2016-7123 Vulnerability

Publié par . Publié dans CSRF Cross-Site Request Forgery

Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators. (CVSS:6.8) (Last Update:2016-09-02)

Vulnerability Details :

- CVSS Scores & Vulnerability Types

CVSS Score	6.8
Confidentiality Impact	Partial(There is considerable informational disclosure.)
Integrity Impact	Partial(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial(There is reduced performance or interruptions in resource availability.)
Access Complexity	Medium(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required(Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	CSRF
CWE ID	352

- Products Affected By CVE-2016-7123

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	GNU	Mailman	2.1.14	RC1			Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
GNU	Mailman	1

- References For CVE-2016-7123

https://bugs.launchpad.net/bugs/1614841 CONFIRM

- Metasploit Modules Related To CVE-2016-7123

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)

CVE-2016-7123 Vulnerability

Vulnerability Details :

- CVSS Scores & Vulnerability Types

- Products Affected By CVE-2016-7123

- Number Of Affected Versions By Product

- References For CVE-2016-7123

- Metasploit Modules Related To CVE-2016-7123

Pour nous Contacter

Newsletter Cybersécurité

Ressources Sécurité

Notre expertise cybersécurité validée par de multiples certifications internationales