CVE-2009-2964

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2009-2964
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13818 Patch
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818&view=markup&pathrev=13818 Patch
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html
http://www.squirrelmail.org/security/issue/2009-08-12 Patch Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html
http://www.vupen.com/english/advisories/2009/2262 Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=517312 Patch
http://www.osvdb.org/57001
http://secunia.com/advisories/36363 Vendor Advisory
http://secunia.com/advisories/34627 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:222
http://www.securityfocus.com/bid/36196
http://secunia.com/advisories/37415
http://www.vupen.com/english/advisories/2009/3315
http://osvdb.org/60469
https://gna.org/forum/forum.php?forum_id=2146
http://download.gna.org/nasmail/nasmail-1.7.zip
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://secunia.com/advisories/40220
http://www.vupen.com/english/advisories/2010/1481
http://support.apple.com/kb/HT4188
http://www.vupen.com/english/advisories/2010/2080
http://www.debian.org/security/2010/dsa-2091
http://secunia.com/advisories/40964
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html
http://jvn.jp/en/jp/JVN30881447/index.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/52406
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:r1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.6-rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*
Information

Published : 2009-08-25 10:30

Updated : 2017-09-18 18:29

NVD link : CVE-2009-2964

Mitre link : CVE-2009-2964

JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa
Products Affected

squirrelmail

  • squirrelmail