|
Lines 168871-168876
Link Here
|
| 168871 |
<entry>2005-09-29</entry> |
168871 |
<entry>2005-09-29</entry> |
| 168872 |
</dates> |
168872 |
</dates> |
| 168873 |
</vuln> |
168873 |
</vuln> |
|
|
168874 |
|
| 168875 |
<vuln vid="9908a1cc-35ad-424d-be0b-7e56abd5931a"> |
| 168876 |
<topic>sympa -- Denial of service caused by malformed CSRF token</topic> |
| 168877 |
<affects> |
| 168878 |
<package> |
| 168879 |
<name>sympa</name> |
| 168880 |
<range><lt>6.2.54</lt></range> |
| 168881 |
</package> |
| 168882 |
</affects> |
| 168883 |
<description> |
| 168884 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 168885 |
<p>Javier Moreno discovered a vulnerability in Sympa web interface that can cause |
| 168886 |
denial of service (DoS) attack.</p> |
| 168887 |
<p>By submitting requests with malformed parameters, this flaw allows to create |
| 168888 |
junk files in Sympa’s directory for temporary files. And particularly by |
| 168889 |
tampering token to prevent CSRF, it allows to originate exessive notification |
| 168890 |
messages to listmasters.</p> |
| 168891 |
</body> |
| 168892 |
</description> |
| 168893 |
<references> |
| 168894 |
<cvename>CVE-2020-9369</cvename> |
| 168895 |
<url>https://sympa-community.github.io/security/2020-001.html</url> |
| 168896 |
</references> |
| 168897 |
<dates> |
| 168898 |
<discovery>2020-02-24</discovery> |
| 168899 |
<entry>2020-05-22</entry> |
| 168900 |
</dates> |
| 168901 |
</vuln> |
| 168902 |
|
| 168874 |
</vuxml><!-- EOF --> |
168903 |
</vuxml><!-- EOF --> |
| 168875 |
<!-- Note: Please add new entries to the beginning of this file. --> |
168904 |
<!-- Note: Please add new entries to the beginning of this file. --> |
| 168876 |
<!-- ex: set ts=8 tw=80 sw=2: --> |
168905 |
<!-- ex: set ts=8 tw=80 sw=2: --> |