CVE-2001-1132

Mailman < 2.0.6 - Unauthenticated Access to Administrative Pages via Empty Password

Title source: llm
STIX 2.1

Description

Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000420
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7091
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/5455

Scores

EPSS 0.0086
EPSS Percentile 75.2%

Details

Status published
Products (1)
gnu/mailman < 2.0.5
Published Sep 05, 2001
Tracked Since Feb 18, 2026