CVE-2015-2775

CWE-22 Path Traversal | 8 documents | 7 sources
Severity
7.6 HIGH
EPSS
3.8%
top 11.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 13
Latest update: May 17

Description

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

CVSS vector

AV:N/AC:H/C:C/I:C/A:C | Exploitability: 4.9 | Impact: 10.0

Affected Packages (2 packages)

Ubuntu: mailman < 1:2.1.16-2ubuntu0.1
NVD: gnu/mailman 2.1.19

Also affects: Debian Linux 7.0, Ubuntu Linux 12.04, 14.04, 14.10, Enterprise Linux 7.0

🔴 Vulnerability Details (3)
GHSA
GHSA-rhjr-qgg7-67wg: Directory traversal vulnerability in GNU Mailman before 2 | 2022-05-17
CVEList
CVE-2015-2775: Directory traversal vulnerability in GNU Mailman before 2 | 2015-04-13
OSV
CVE-2015-2775: Directory traversal vulnerability in GNU Mailman before 2 | 2015-04-01

📋 Vendor Advisories (2)
Ubuntu
Mailman vulnerability | 2015-04-07
Red Hat
mailman: directory traversal in MTA transports that deliver programmatically | 2015-03-31

💬 Community (2)
Bugzilla
CVE-2015-2775 mailman: directory traversal in MTA transports that deliver programmatically [fedora-all] | 2015-04-01
Bugzilla
CVE-2015-2775 mailman: directory traversal in MTA transports that deliver programmatically | 2015-04-01