Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2005:135
HistoryFeb 10, 2005 - 12:00 a.m.

(RHSA-2005:135) squirrelmail security update

2005-02-1000:00:00
access.redhat.com
13

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

89.7%

JSON

SquirrelMail is a standards-based webmail package written in PHP4.

Jimmy Conner discovered a missing variable initialization in Squirrelmail.
This flaw could allow potential insecure file inclusions on servers where
the PHP setting “register_globals” is set to “On”. This is not a default or
recommended setting. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0075 to this issue.

A URL sanitisation bug was found in Squirrelmail. This flaw could allow a
cross site scripting attack when loading the URL for the sidebar. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0103 to this issue.

A missing variable initialization bug was found in Squirrelmail. This flaw
could allow a cross site scripting attack. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0104 to
this issue.

Users of Squirrelmail are advised to upgrade to this updated package,
which contains backported patches to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanynoarchsquirrelmail< 1.4.3a-9.EL3squirrelmail-1.4.3a-9.EL3.noarch.rpm

Related

openvas 9
redhat 1
nessus 8
gentoo 1
freebsd 1
securityvulns 1
ubuntucve 3
cve 3
veracode 1
debian 4
osv 1
openvas
openvas
Gentoo Security Advisory GLSA 200501-39 (SquirrelMail)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200501-39 (SquirrelMail)
2008-09-24 00:00:00
SquirrelMail < 1.4.4 XSS Vulnerabilities
2005-11-03 00:00:00
redhat
redhat
(RHSA-2005:099) squirrelmail security update
2005-02-15 00:00:00
nessus
nessus
RHEL 4 : squirrelmail (RHSA-2005:099)
2005-02-22 00:00:00
SquirrelMail < 1.4.4 Multiple Vulnerabilities
2005-01-24 00:00:00
RHEL 3 : squirrelmail (RHSA-2005:135)
2005-02-10 00:00:00
gentoo
gentoo
SquirrelMail: Multiple vulnerabilities
2005-01-28 00:00:00
freebsd
freebsd
squirrelmail -- XSS and remote code injection vulnerabilities
2005-01-29 00:00:00
securityvulns
securityvulns
SquirrelMail Security Advisory
2005-01-30 00:00:00
ubuntucve
ubuntucve
CVE-2005-0104
2005-01-29 00:00:00
CVE-2005-0103
2005-01-24 00:00:00
CVE-2005-0075
2005-01-29 00:00:00
cve
cve
CVE-2005-0103
2005-01-24 05:00:00
CVE-2005-0104
2005-01-29 05:00:00
CVE-2005-0075
2005-01-29 05:00:00
veracode
veracode
Code Injection
2019-07-09 06:36:28
debian
debian
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression
2005-03-14 14:24:00
[SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities
2005-02-01 14:44:23
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression
2005-03-14 14:24:00
osv
osv
squirrelmail - several
2005-03-14 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

89.7%

JSON
Related for RHSA-2005:135
openvas9redhat1nessus8gentoo1freebsd1securityvulns1ubuntucve3cve3veracode1debian4osv1