Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone AGOPENVAS:1361412562310100759
HistoryAug 13, 2010 - 12:00 a.m.

SquirrelMail Remote Denial of Service Vulnerability

2010-08-1300:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
14

6.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.115 Low

EPSS

Percentile

95.2%

JSON

SquirrelMail is prone to a remote denial-of-service vulnerability
because it fails to properly handle certain user requests.

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:squirrelmail:squirrelmail";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.100759");
  script_version("2024-03-01T14:37:10+0000");
  script_tag(name:"last_modification", value:"2024-03-01 14:37:10 +0000 (Fri, 01 Mar 2024)");
  script_tag(name:"creation_date", value:"2010-08-13 12:44:16 +0200 (Fri, 13 Aug 2010)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cve_id("CVE-2010-2813");
  script_name("SquirrelMail Remote Denial of Service Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_dependencies("squirrelmail_detect.nasl");
  script_mandatory_keys("squirrelmail/installed");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/42399");
  script_xref(name:"URL", value:"http://www.squirrelmail.org/security/issue/2010-07-23");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=618096");

  script_tag(name:"impact", value:"An attacker can exploit this issue to cause the application to consume
  excessive disk space, resulting in denial-of-service conditions.");

  script_tag(name:"affected", value:"SquirrelMail versions prior and up to 1.4.20 are vulnerable. Others
  may also be affected.");

  script_tag(name:"solution", value:"Updates are available. Please see the references for more information.");

  script_tag(name:"summary", value:"SquirrelMail is prone to a remote denial-of-service vulnerability
  because it fails to properly handle certain user requests.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! vers = get_app_version( cpe:CPE, port:port ) )
  exit( 0 );

if( version_is_less( version:vers, test_version:"1.4.21" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"1.4.21" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Related

nessus 12
openvas 22
cve 2
osv 1
veracode 2
prion 2
fedora 2
oraclelinux 2
ubuntucve 2
securityvulns 4
debian 1
centos 2
redhat 2
nessus
nessus
Fedora 13 : squirrelmail-1.4.21-1.fc13 (2010-11422)
2010-08-12 00:00:00
Fedora 12 : squirrelmail-1.4.21-1.fc12 (2010-11410)
2010-08-12 00:00:00
RHEL 5 : squirrelmail (RHSA-2013:0126)
2013-01-08 00:00:00
openvas
openvas
Mandriva Update for squirrelmail MDVSA-2010:158 (squirrelmail)
2010-08-30 00:00:00
Mandriva Update for squirrelmail MDVSA-2010:158 (squirrelmail)
2010-08-30 00:00:00
Oracle: Security Advisory (ELSA-2013-0126)
2015-10-06 00:00:00
cve
cve
CVE-2010-2813
2010-08-19 18:00:00
CVE-2012-2124
2013-01-18 11:48:00
osv
osv
squirrelmail - cross-site request forgery
2010-08-12 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:06:28
Denial Of Service
2019-01-15 08:52:47
prion
prion
Design/Logic Flaw
2010-08-19 18:00:00
Design/Logic Flaw
2013-01-18 11:48:00
fedora
fedora
[SECURITY] Fedora 13 Update: squirrelmail-1.4.21-1.fc13
2010-08-12 04:11:47
[SECURITY] Fedora 12 Update: squirrelmail-1.4.21-1.fc12
2010-08-12 04:08:08
oraclelinux
oraclelinux
squirrelmail security and bug fix update
2013-01-11 00:00:00
squirrelmail security update
2012-02-08 00:00:00
ubuntucve
ubuntucve
CVE-2010-2813
2010-08-19 00:00:00
CVE-2012-2124
2013-01-18 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2091-1] New squirrelmail packages fix cross-site request forgery
2010-08-14 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-08-14 00:00:00
Apple OS X multiple security vulnerabilities
2012-02-03 00:00:00
debian
debian
[SECURITY] [DSA 2091-1] New squirrelmail packages fix cross-site request forgery
2010-08-12 20:20:02
centos
centos
squirrelmail security update
2013-01-09 20:54:52
squirrelmail security update
2012-02-08 20:29:14
redhat
redhat
(RHSA-2013:0126) Low: squirrelmail security and bug fix update
2013-01-08 00:00:00
(RHSA-2012:0103) Moderate: squirrelmail security update
2012-02-08 00:00:00

6.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.115 Low

EPSS

Percentile

95.2%

JSON
Related for OPENVAS:1361412562310100759
nessus12openvas22cve2osv1veracode2prion2fedora2oraclelinux2ubuntucve2securityvulns4debian1centos2redhat2