Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2091-1
HistoryAug 12, 2010 - 12:00 a.m.

squirrelmail - cross-site request forgery

2010-08-1200:00:00
Google
osv.dev
12

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.115 Low

EPSS

Percentile

94.4%

JSON

SquirrelMail, a webmail application, does not employ a user-specific token
for webforms. This allows a remote attacker to perform a Cross Site Request
Forgery (CSRF) attack. The attacker may hijack the authentication of
unspecified victims and send messages or change user preferences among other
actions, by tricking the victim into following a link controlled by the
offender.

In addition, a denial-of-service was fixed, which could be triggered when a
password containing 8-bit characters was used to log in (CVE-2010-2813).

For the stable distribution (lenny), these problems have been fixed in
version 1.4.15-4+lenny3.1.

For the testing distribution (squeeze) and the unstable distribution (sid),
these problems have been fixed in version 1.4.21-1.

We recommend that you upgrade your squirrelmail packages.

Related

openvas 23
nessus 12
cve 2
veracode 2
prion 2
oraclelinux 2
fedora 2
redhat 2
securityvulns 4
centos 2
debian 1
ubuntucve 2
openvas
openvas
Mandriva Update for squirrelmail MDVSA-2010:158 (squirrelmail)
2010-08-30 00:00:00
Mandriva Update for squirrelmail MDVSA-2010:158 (squirrelmail)
2010-08-30 00:00:00
SquirrelMail Remote Denial of Service Vulnerability
2010-08-13 00:00:00
nessus
nessus
Fedora 13 : squirrelmail-1.4.21-1.fc13 (2010-11422)
2010-08-12 00:00:00
Fedora 12 : squirrelmail-1.4.21-1.fc12 (2010-11410)
2010-08-12 00:00:00
RHEL 5 : squirrelmail (RHSA-2013:0126)
2013-01-08 00:00:00
cve
cve
CVE-2010-2813
2010-08-19 18:00:00
CVE-2012-2124
2013-01-18 11:48:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:06:28
Denial Of Service
2019-01-15 08:52:47
prion
prion
Design/Logic Flaw
2010-08-19 18:00:00
Design/Logic Flaw
2013-01-18 11:48:00
oraclelinux
oraclelinux
squirrelmail security and bug fix update
2013-01-11 00:00:00
squirrelmail security update
2012-02-08 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: squirrelmail-1.4.21-1.fc13
2010-08-12 04:11:47
[SECURITY] Fedora 12 Update: squirrelmail-1.4.21-1.fc12
2010-08-12 04:08:08
redhat
redhat
(RHSA-2013:0126) Low: squirrelmail security and bug fix update
2013-01-08 00:00:00
(RHSA-2012:0103) Moderate: squirrelmail security update
2012-02-08 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2091-1] New squirrelmail packages fix cross-site request forgery
2010-08-14 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-08-14 00:00:00
Apple OS X multiple security vulnerabilities
2012-02-03 00:00:00
centos
centos
squirrelmail security update
2013-01-09 20:54:52
squirrelmail security update
2012-02-08 20:29:14
debian
debian
[SECURITY] [DSA 2091-1] New squirrelmail packages fix cross-site request forgery
2010-08-12 20:20:02
ubuntucve
ubuntucve
CVE-2012-2124
2013-01-18 00:00:00
CVE-2010-2813
2010-08-19 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.115 Low

EPSS

Percentile

94.4%

JSON
Related for OSV:DSA-2091-1
openvas23nessus12cve2veracode2prion2oraclelinux2fedora2redhat2securityvulns4centos2debian1ubuntucve2