cnvd - cnvd-2018-18111

CNVD-2018-18111

Vulnerability from cnvd - Published: 2018-09-10

Title

Sympa开放重定向漏洞

Description

Sympa是一套可拓展性强、高度自定义化的邮件列表软件。该软件提供多套模板、自定义身份鉴定后端和鉴定脚本，以及支持各种邮件列表后端（LDAP、SQL、文本、列表或者其它）。 Sympa 6.2.16及之后的版本中的wwsympa.fcgi登录操作的‘referer’参数存在开放重定向漏洞。攻击者可借助URLs利用该漏洞将用户重定向到其他网站。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://github.com/sympa-community/sympa

Reference

https://github.com/sympa-community/sympa/issues/268

Impacted products

Name
Sympa Sympa >=6.2.16

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1000671"
    }
  },
  "description": "Sympa\u662f\u4e00\u5957\u53ef\u62d3\u5c55\u6027\u5f3a\u3001\u9ad8\u5ea6\u81ea\u5b9a\u4e49\u5316\u7684\u90ae\u4ef6\u5217\u8868\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u591a\u5957\u6a21\u677f\u3001\u81ea\u5b9a\u4e49\u8eab\u4efd\u9274\u5b9a\u540e\u7aef\u548c\u9274\u5b9a\u811a\u672c\uff0c\u4ee5\u53ca\u652f\u6301\u5404\u79cd\u90ae\u4ef6\u5217\u8868\u540e\u7aef\uff08LDAP\u3001SQL\u3001\u6587\u672c\u3001\u5217\u8868\u6216\u8005\u5176\u5b83\uff09\u3002\r\n\r\nSympa 6.2.16\u53ca\u4e4b\u540e\u7684\u7248\u672c\u4e2d\u7684wwsympa.fcgi\u767b\u5f55\u64cd\u4f5c\u7684\u2018referer\u2019\u53c2\u6570\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9URLs\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u5176\u4ed6\u7f51\u7ad9\u3002",
  "discovererName": "hmpf",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://github.com/sympa-community/sympa",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-18111",
  "openTime": "2018-09-10",
  "products": {
    "product": "Sympa Sympa \u003e=6.2.16"
  },
  "referenceLink": "https://github.com/sympa-community/sympa/issues/268",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-10",
  "title": "Sympa\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

CVE-2018-1000671 (GCVE-0-2018-1000671)

Vulnerability from cvelistv5 – Published: 2018-09-06 18:00 – Updated: 2024-08-05 12:40

Summary

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/sympa-community/sympa/issues/268	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4442-1/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:40:47.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sympa-community/sympa/issues/268"
          },
          {
            "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1512-1] sympa security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html"
          },
          {
            "name": "USN-4442-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4442-1/"
          },
          {
            "name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-09-03T00:00:00",
      "datePublic": "2018-08-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in The \"referer\" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim\u0027s browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-09T14:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sympa-community/sympa/issues/268"
        },
        {
          "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1512-1] sympa security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html"
        },
        {
          "name": "USN-4442-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4442-1/"
        },
        {
          "name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-09-03T16:07:16.981347",
          "DATE_REQUESTED": "2018-08-26T16:04:53",
          "ID": "CVE-2018-1000671",
          "REQUESTER": "john@nixnuts.net",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in The \"referer\" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim\u0027s browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/sympa-community/sympa/issues/268",
              "refsource": "MISC",
              "url": "https://github.com/sympa-community/sympa/issues/268"
            },
            {
              "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1512-1] sympa security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html"
            },
            {
              "name": "USN-4442-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4442-1/"
            },
            {
              "name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000671",
    "datePublished": "2018-09-06T18:00:00",
    "dateReserved": "2018-08-26T00:00:00",
    "dateUpdated": "2024-08-05T12:40:47.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-18111

CVE-2018-1000671 (GCVE-0-2018-1000671)

Tags

Sightings

Nomenclature