Title: Lyris ListManager Hidden Variable Information Disclosure Vulnerability
Severity: MODERATE
Description:
Lyris ListManager is a Web based mailing list manager application written for the Microsoft Windows, Linux and Unix platforms.
Lyris ListManager is prone to an information disclosure vulnerability.
A hidden HTML variable contains information regarding the CGI environment for the application. An attacker may retrieve this information by simply requesting a non-existent Web page.
This vulnerability may be used to disclose the software version and software installation path, which may be helpful in further attacks.
Versions 5.0 through 8.8a are vulnerable; other versions may also be affected.
Affected Products:
- Lyris List Manager 5.0.0
- Lyris List Manager 6.0.0
- Lyris List Manager 7.0.0
- Lyris List Manager 8.0.0
- Lyris List Manager 8.8.0a
References:
- Lyris: List Manager Homepage
- Metasploit: Lyris Listmanager Multiple Vulnerabilities
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
