CVE-2001-1132
First published: Wed Sep 05 2001(Updated: )
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Mailman | <=2.0.5 | |
| Mailman | <=2.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-1132?
CVE-2001-1132 has a moderate severity level as it allows unauthorized access to list administrative pages.
How do I fix CVE-2001-1132?
To fix CVE-2001-1132, upgrade Mailman to version 2.0.6 or later.
What versions of Mailman are affected by CVE-2001-1132?
Mailman versions 2.0.x before 2.0.6 are vulnerable to CVE-2001-1132.
What type of attacks does CVE-2001-1132 exploit?
CVE-2001-1132 is exploited through remote attacks by utilizing an empty site or list password.
What is the main issue with authentication in CVE-2001-1132?
CVE-2001-1132's main issue lies in the improper handling of the crypt function during authentication.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-index
- vendor/gnu
- canonical/gnu mailman
- version/gnu mailman/2.0.5
- canonical/mailman
- version/mailman/2.0.5