vulnerability

FreeBSD: VID-9908a1cc-35ad-424d-be0b-7e56abd5931a (CVE-2020-9369): sympa -- Denial of service caused by malformed CSRF token

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: May 22, 2020
Added: May 28, 2020
Modified: Dec 10, 2025

Description

Javier Moreno discovered a vulnerability in the Sympa web interface that can be used to cause a denial of service (DoS). By submitting requests with malformed parameters, this flaw allows junk files to be created in Sympa's directory for temporary files. In particular, tampering with the token used to prevent CSRF makes it possible to trigger excessive notification messages to listmasters.

Solution

freebsd-upgrade-package-sympa