Lucene search

[email protected]CVE-2006-3665

HistoryJul 18, 2006 - 3:47 p.m.

CVE-2006-3665

2006-07-1815:47:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3665

squirrelmail

register_globals

cookie hijacking

remote attack

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.4%

JSON

SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while “cookie theft” is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.

CPENameOperatorVersion
squirrelmail:squirrelmailsquirrelmaileq1.4.6

CPE	Name	Operator	Version
squirrelmail:squirrelmail	squirrelmail	eq	1.4.6

References

www.securityfocus.com/bid/17005

www.squirrelmail.org/changelog.php

www.vupen.com/english/advisories/2006/2708

exchange.xforce.ibmcloud.com/vulnerabilities/27632

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.4%

JSON

Related for CVE-2006-3665

nessus1 ubuntucve1