CVE-2003-1367

The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://securityreason.com/securityalert/3235
http://www.securityfocus.com/archive/1/310113	Exploit
http://www.securityfocus.com/bid/6761
https://exchange.xforce.ibmcloud.com/vulnerabilities/11243
http://securityreason.com/securityalert/3235
http://www.securityfocus.com/archive/1/310113	Exploit
http://www.securityfocus.com/bid/6761
https://exchange.xforce.ibmcloud.com/vulnerabilities/11243

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:great_circle_associates:majordomo::::::::
	cpe:2.3:a:great_circle_associates:majordomo:1.94.4:::::::*
	cpe:2.3:a:great_circle_associates:majordomo:1.94.5:::::::*

History

No history.

Information

Published : 2003-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2003-1367

Mitre link : CVE-2003-1367

CVE.ORG link : CVE-2003-1367

JSON object : View

Products Affected

great_circle_associates

majordomo

CWE

CWE-16

Configuration

{"id": "CVE-2003-1367", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-12-31T05:00:00.000", "references": [{"url": "http://securityreason.com/securityalert/3235", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/310113", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6761", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11243", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3235", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/310113", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/6761", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11243", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to \"open\" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a \"which\" command."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:great_circle_associates:majordomo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68B1A7ED-CEF6-4076-88DB-16DDEBC7970A", "versionEndIncluding": "2.0"}, {"criteria": "cpe:2.3:a:great_circle_associates:majordomo:1.94.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87D144BA-FE24-4894-BF02-03646750D298"}, {"criteria": "cpe:2.3:a:great_circle_associates:majordomo:1.94.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE7CCEAA-C667-4201-9986-90FD17EE3F90"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}