CVE-2012-2352

EPSS 1.2%

sympa - authorization bypass

Published: 5/31/2012Modified: 4/28/2026

Also known as:DEBIAN-CVE-2012-2352

Description

The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.

Affected packages (2)

Debian/sympafrom 0, < 6.1.11~dfsg-1
Debian/sympafrom 0, < 6.0.1+dfsg-4+squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-2352