VDB
CVE-2012-2352
CVE-2012-2352
REJECTED
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.
EPSS 1.25% · 79.7th percentile
Risk Scores
EPSS Score
1.25%
79.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | sympa | 0, 6.1.11~dfsg-5 |
Timeline
- May 16, 2012 CVE Published
- Jun 6, 2012 CVE Updated
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2012-2352 third-party-advisory
- http://www.openwall.com/lists/oss-security/2012/05/12/8 third-party-advisory
- http://www.openwall.com/lists/oss-security/2012/05/12 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2012-2352 third-party-advisory