SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability

Published: 2010-06-22 10:10:21
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact:
Attackers can exploit this issue to obtain potentially sensitive information that may lead to further attacks.

Affected Versions:
This issue affects SquirrelMail 1.4.x versions.

Recommendations:
Updates are available. Please see the references for more information.

Summary:
SquirrelMail is prone to a remote information-disclosure vulnerability.

Solution Type:
Vendor Patch

Detection Type:
Remote Banner Unreliable

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2010-1637

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/40291

References:

https://www.securityfocus.com/bid/40291
http://permalink.gmane.org/gmane.comp.security.oss.general/2935
http://permalink.gmane.org/gmane.comp.security.oss.general/3064
http://permalink.gmane.org/gmane.comp.security.oss.general/2936
http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69
http://www.squirrelmail.org

Search
Severity
Medium
CVSS Score
4.0

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.