CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.016 Low
Percentile: 85.6%

Several vulnerabilities have been discovered in Squirrelmail, a
commonly used webmail system. The Common Vulnerabilities and
Exposures project identifies the following problems:

CAN-2005-1769
    Martijn Brinkers discovered cross-site scripting vulnerabilities
    that allow remote attackers to inject arbitrary web script or HTML
    in the URL and e-mail messages.

CAN-2005-2095
    James Bercegay of GulfTech Security discovered a vulnerability in
    the variable handling which could lead to attackers altering other
    people's preferences and possibly reading them, writing files at
    any location writable by www-data, and cross-site scripting.

For the old stable distribution (woody) these problems have been fixed in
version 1.2.6-4.

For the stable distribution (sarge) these problems have been fixed in
version 1.4.4-6sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 1.4.4-6sarge1.

We recommend that you upgrade your squirrelmail package.

CPE

| Name | Operator | Version |
|---|---|---|
| squirrelmail | eq | 2:1.4.4-5 |
| squirrelmail | eq | 2:1.4.4-6 |