CVE-2003-1367

The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1367
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-16

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
great_circle_associates / majordomo	-	2.0.x
great_circle_associates / majordomo	1.94.4	1.94.4.x
great_circle_associates / majordomo	1.94.5	1.94.5.x

http://securityreason.com/securityalert/3235
http://www.securityfocus.com/archive/1/310113
http://www.securityfocus.com/bid/6761
https://exchange.xforce.ibmcloud.com/vulnerabilities/11243

Vulnerability Database

289,697

CVE-2003-1367