Vulnerability Description
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Great Circle Associates | Majordomo | <= 2.0 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/3235
- http://www.securityfocus.com/archive/1/310113 (Exploit)
- http://www.securityfocus.com/bid/6761
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11243
FAQ
What is CVE-2003-1367?
CVE-2003-1367 is a vulnerability with a CVSS score of 7.8 (HIGH). The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mail...
How severe is CVE-2003-1367?
CVE-2003-1367 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-1367?
Check the references section above for vendor advisories and patch information. Affected products include: Great Circle Associates Majordomo.