Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Majordomo默认配置远程列表订阅者泄露漏洞
Vulnerability Description
Majordomo是一款开放源代码流行的邮件列表系统。 Majordomo没有充分处理好对订阅者列表信息的请求,远程攻击者可以利用这个漏洞发送特殊命令获得订阅者列表。 如果Majordomo配置文件中设置'which_access'选项为"open",那么所有邮件地址可以被攻击者获得。默认情况下,'which_access'设置为"open"。Majordomo有如下文档描述: "默认情况下,任何人(包含不是订阅者)可以使用"who", "which", "index", 和 "get"获得列表。如你在$
CVSS Information
N/A
Vulnerability Type
N/A