Lucene search

[email protected]NVD:CVE-2006-0377

HistoryFeb 24, 2006 - 12:02 a.m.

CVE-2006-0377

2006-02-2400:02:00

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.4%

JSON

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka “IMAP injection.”

Affected configurations

NVD

Node

squirrelmailsquirrelmailMatch1.4

squirrelmailsquirrelmailMatch1.4.1

squirrelmailsquirrelmailMatch1.4.2

squirrelmailsquirrelmailMatch1.4.3

squirrelmailsquirrelmailMatch1.4.3_r3

squirrelmailsquirrelmailMatch1.4.3_rc1

squirrelmailsquirrelmailMatch1.4.3a

squirrelmailsquirrelmailMatch1.4.4

squirrelmailsquirrelmailMatch1.4.4_rc1

squirrelmailsquirrelmailMatch1.4.5

squirrelmailsquirrelmailMatch1.4.6_rc1

squirrelmailsquirrelmailMatch1.4_rc1

References

ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc

secunia.com/advisories/18985

secunia.com/advisories/19130

secunia.com/advisories/19131

secunia.com/advisories/19176

secunia.com/advisories/19205

secunia.com/advisories/19960

secunia.com/advisories/20210

securitytracker.com/id?1015662

www.debian.org/security/2006/dsa-988

www.gentoo.org/security/en/glsa/glsa-200603-09.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:049

www.novell.com/linux/security/advisories/2006_05_sr.html

www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html

www.redhat.com/support/errata/RHSA-2006-0283.html

www.securityfocus.com/bid/16756

www.squirrelmail.org/security/issue/2006-02-15

www.vupen.com/english/advisories/2006/0689

exchange.xforce.ibmcloud.com/vulnerabilities/24849

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.4%

JSON

Related for NVD:CVE-2006-0377

securityvulns2 cvelist1 packetstorm1 ubuntucve1 prion1 cve1 freebsd1 nessus7 openvas6 gentoo1 osv1 centos1 redhat1 debian2