Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2011-2753
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 6.8/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119
- https://bugzilla.redhat.com/show_bug.cgi?id=720694
- http://www.debian.org/security/2011/dsa-2291
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:123
- http://rhn.redhat.com/errata/RHSA-2012-0103.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68586