 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.900830 |
| Kategorie: | Web application abuses |
| Titel: | SquirrelMail Multiple Cross-Site Request Forgery Vulnerabilities |
| Zusammenfassung: | This host is running SquirrelMail and is prone to multiple Cross; Site Request Forgery vulnerabilities. |
| Beschreibung: | Summary: This host is running SquirrelMail and is prone to multiple Cross Site Request Forgery vulnerabilities. Vulnerability Insight: Multiple CSRF errors are caused via features such as send message and change preferences, related to addrbook_search_html.php, folders_rename_getname.php, folders_rename_do.php, folders_subscribe.php, move_messages.php, options.php, options_highlight.php, options_identities.php, options_order.php, search.php, addressbook.php, compose.php, folders.php, folders_create.php, vcard.php and folders_delete.php in /src and mailbox_display.php in functions directory. Vulnerability Impact: Attacker may leverage this issue to modify user preferences, delete emails, and potentially send emails, and can hijack the authentication of unspecified victims. Affected Software/OS: SquirrelMail version 1.4.19 and prior on Linux. Solution: Upgrade to version 1.4.20 RC1 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-2964 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 36196 http://www.securityfocus.com/bid/36196 Debian Security Information: DSA-2091 (Google Search) http://www.debian.org/security/2010/dsa-2091 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html http://jvn.jp/en/jp/JVN30881447/index.html http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:222 http://www.osvdb.org/57001 http://osvdb.org/60469 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668 http://secunia.com/advisories/34627 http://secunia.com/advisories/36363 http://secunia.com/advisories/37415 http://secunia.com/advisories/40220 http://secunia.com/advisories/40964 http://www.vupen.com/english/advisories/2009/2262 http://www.vupen.com/english/advisories/2009/3315 http://www.vupen.com/english/advisories/2010/1481 http://www.vupen.com/english/advisories/2010/2080 XForce ISS Database: squirrelmail-unspecified-csrf(52406) https://exchange.xforce.ibmcloud.com/vulnerabilities/52406 |
| Copyright | Copyright (C) 2009 Greenbone Networks GmbH |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |