Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2007:0358
HistoryMay 17, 2007 - 6:22 p.m.

squirrelmail security update

2007-05-1718:22:57
CentOS Project
lists.centos.org
37

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.02 Low

EPSS

Percentile

88.6%

JSON

CentOS Errata and Security Advisory CESA-2007:0358

SquirrelMail is a standards-based webmail package written in PHP4.

Several HTML filtering bugs were discovered in SquirrelMail. An attacker
could inject arbitrary JavaScript leading to cross-site scripting attacks
by sending an e-mail viewed by a user within SquirrelMail.
(CVE-2007-1262)

Squirrelmail did not sufficiently check arguments to IMG tags in HTML
e-mail messages. This could be exploited by an attacker by sending
arbitrary e-mail messages on behalf of a squirrelmail user tricked into opening
a maliciously crafted HTML e-mail message. (CVE-2007-2589)

Users of SquirrelMail should upgrade to this erratum package, which
contains a backported patch to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075937.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075938.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075939.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075950.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075951.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075956.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075959.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075970.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075971.html

Affected packages:
squirrelmail

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0358

OSVersionArchitecturePackageVersionFilename
CentOS3noarchsquirrelmail< 1.4.8-6.el3.centos.1squirrelmail-1.4.8-6.el3.centos.1.noarch.rpm
CentOS3noarchsquirrelmail< 1.4.8-6.el3.centos.1squirrelmail-1.4.8-6.el3.centos.1.noarch.rpm
CentOS3noarchsquirrelmail< 1.4.8-6.el3.centos.1squirrelmail-1.4.8-6.el3.centos.1.noarch.rpm
CentOS4noarchsquirrelmail< 1.4.8-4.0.1.el4.centossquirrelmail-1.4.8-4.0.1.el4.centos.noarch.rpm
CentOS4noarchsquirrelmail< 1.4.8-4.0.1.el4.centossquirrelmail-1.4.8-4.0.1.el4.centos.noarch.rpm
CentOS3noarchsquirrelmail< 1.4.8-6.el3.centos.1squirrelmail-1.4.8-6.el3.centos.1.noarch.rpm
CentOS3noarchsquirrelmail< 1.4.8-6.el3.centos.1squirrelmail-1.4.8-6.el3.centos.1.noarch.rpm
CentOS4noarchsquirrelmail< 1.4.8-4.0.1.el4.centossquirrelmail-1.4.8-4.0.1.el4.centos.noarch.rpm
CentOS4noarchsquirrelmail< 1.4.8-4.0.1.el4.centossquirrelmail-1.4.8-4.0.1.el4.centos.noarch.rpm
CentOS5noarchsquirrelmail< 1.4.8-4.0.1..el5.centos.1squirrelmail-1.4.8-4.0.1..el5.centos.1.noarch.rpm
Rows per page:
1-10 of 111

Related

oraclelinux 1
nessus 10
redhat 1
openvas 7
cve 3
prion 3
ubuntucve 3
veracode 2
freebsd 1
debian 1
jvn 1
fedora 1
seebug 1
oraclelinux
oraclelinux
Moderate: squirrelmail security update
2007-05-17 00:00:00
nessus
nessus
openSUSE 10 Security Update : squirrelmail (squirrelmail-3944)
2007-10-17 00:00:00
RHEL 3 / 4 / 5 : squirrelmail (RHSA-2007:0358)
2007-05-20 00:00:00
Scientific Linux Security Update : squirrelmail on SL5.x, SL4.x, SL3.x i386/x86_64
2012-08-01 00:00:00
redhat
redhat
(RHSA-2007:0358) Moderate: squirrelmail security update
2007-05-17 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2007-0358)
2015-10-08 00:00:00
Debian: Security Advisory (DSA-1290-1)
2008-01-17 00:00:00
FreeBSD Ports: squirrelmail
2008-09-04 00:00:00
cve
cve
CVE-2007-2589
2007-05-11 04:20:00
CVE-2007-1262
2007-05-11 04:20:00
CVE-2007-2631
2007-05-13 23:19:00
prion
prion
Cross site request forgery (csrf)
2007-05-11 04:20:00
Cross site scripting
2007-05-11 04:20:00
Cross site request forgery (csrf)
2007-05-13 23:19:00
ubuntucve
ubuntucve
CVE-2007-1262
2007-05-11 00:00:00
CVE-2007-2589
2007-05-11 00:00:00
CVE-2007-2631
2007-05-13 00:00:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2020-04-10 00:14:06
Cross-site Scripting (XSS)
2020-04-10 00:14:05
freebsd
freebsd
squirrelmail -- Cross site scripting in HTML filter
2007-05-09 00:00:00
debian
debian
[SECURITY] [DSA 1290-1] New squirrelmail packages fix cross-site scripting
2007-05-13 11:55:13
jvn
jvn
JVN#09157962: SquirrelMail vulnerable to cross-site scripting
2011-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: squirrelmail-1.4.10a-1.fc6
2007-05-14 17:19:18
seebug
seebug
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.02 Low

EPSS

Percentile

88.6%

JSON
Related for CESA-2007:0358
oraclelinux1nessus10redhat1openvas7cve3prion3ubuntucve3veracode2freebsd1debian1jvn1fedora1seebug1