Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2004:240
HistoryJun 14, 2004 - 12:00 a.m.

(RHSA-2004:240) squirrelmail security update

2004-06-1400:00:00
access.redhat.com
14

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.023 Low

EPSS

Percentile

88.5%

JSON

SquirrelMail is a webmail package written in PHP. Multiple
vulnerabilities have been found which affect the version of SquirrelMail
shipped with Red Hat Enterprise Linux 3.

An SQL injection flaw was found in SquirrelMail version 1.4.2 and earlier.
If SquirrelMail is configured to store user addressbooks in the database, a
remote attacker could use this flaw to execute arbitrary SQL statements.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2004-0521 to this issue.

A number of cross-site scripting (XSS) flaws in SquirrelMail version 1.4.2
and earlier could allow remote attackers to execute script as other web
users. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2004-0519 and CAN-2004-0520 to these issues.

All users of SquirrelMail are advised to upgrade to the erratum package
containing SquirrelMail version 1.4.3a which is not vulnerable to these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanynoarchsquirrelmail< 1.4.3-0.e3.1squirrelmail-1.4.3-0.e3.1.noarch.rpm

Related

nessus 10
openvas 8
osv 1
debian 1
gentoo 2
cve 3
nuclei 1
freebsd 1
nessus
nessus
RHEL 3 : squirrelmail (RHSA-2004:240)
2004-07-06 00:00:00
SquirrelMail < 1.4.3 Multiple Vulnerabilities
2004-05-05 00:00:00
Fedora Core 2 : squirrelmail-1.4.3-1 (2004-160)
2004-07-23 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-535)
2008-01-17 00:00:00
Debian Security Advisory DSA 535-1 (squirrelmail)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200405-16 (SquirrelMail)
2008-09-24 00:00:00
osv
osv
squirrelmail - several vulnerabilities
2004-08-02 00:00:00
debian
debian
[SECURITY] [DSA 535-1] New squirrelmail packages fix multiple vulnerabilities
2004-08-03 02:23:17
gentoo
gentoo
Multiple XSS Vulnerabilities in SquirrelMail
2004-05-25 00:00:00
Squirrelmail: Another XSS vulnerability
2004-06-15 00:00:00
cve
cve
CVE-2004-0520
2004-08-18 04:00:00
CVE-2004-0519
2004-08-18 04:00:00
CVE-2004-0521
2004-08-18 04:00:00
nuclei
nuclei
SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
2021-11-15 18:14:18
freebsd
freebsd
"Content-Type" XSS vulnerability affecting other webmail systems
2004-05-29 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.023 Low

EPSS

Percentile

88.5%

JSON
Related for RHSA-2004:240
nessus10openvas8osv1debian1gentoo2cve3nuclei1freebsd1