| VID | 21247 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
According to its version number, the SquirrelMail package installed on the web server has multiple vulnerabilities. SquirrelMail is a webmail package written in PHP. Multiple vulnerabilities have been reported in SquirrelMail version 1.2.11 and earlier that could allow information disclosure, data corruption, and privilege escalation. The problems appear to stem from insufficient sanitization of URI parameters submitted in HTTP requests. To exploit these vulnerabilities successfully, an attacker must have a valid webmail account.
* Note: This check relies solely on the version number of the remote SquirrelMail installation to assess this vulnerability, so the result may be a false positive.
* References: http://www.securityfocus.com/archive/1/326398 http://www.securityfocus.com/archive/1/326514
* Affected Software: SquirrelMail 1.2.11 and earlier |
| Recommendation | Upgrade to the latest version of SquirrelMail (1.4.0 or later), available from the official web site of SquirrelMail packages at http://www.squirrelmail.org/ |
| Related URL | (CVE) |
| Related URL | 7952 (SecurityFocus) |
| Related URL | (ISS) |