Detections
Analytics
SquirrelMail < 1.4.4 Multiple Vulnerabilities
medium Nessus Plugin ID 16228
Language:
Synopsis
The remote host has a PHP script that is affected by multiple vulnerabilities.Description
The target is running at least one instance of SquirrelMail whose version number suggests it is affected by one or more cross-site scripting vulnerabilities :- Insufficient escaping of integer variables in webmail.php allows a remote attacker to include HTML / script into a SquirrelMail webpage (affects 1.4.0-RC1 - 1.4.4-RC1).
- Insufficient checking of incoming URL vars in webmail.php allows an attacker to include arbitrary remote web pages in the SquirrelMail frameset (affects 1.4.0-RC1 - 1.4.4-RC1).
- A recent change in prefs.php allows an attacker to provide a specially crafted URL that could include local code into the SquirrelMail code if and only if PHP's register_globals setting is enabled (affects 1.4.3-RC1 - 1.4.4-RC1).
***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number of Squirrelmail
***** installed there.
Solution
Upgrade to SquirrelMail 1.4.4 or later.Plugin Details
Severity: Medium
ID: 16228
File Name: squirrelmail_144.nasl
Version: 1.20
Type: remote
Family: CGI abuses
Published: 1/24/2005
Updated: 6/4/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:squirrelmail:squirrelmail
Required KB Items: www/squirrelmail
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 1/14/2005
Reference Information
CVE: CVE-2005-0075, CVE-2005-0103, CVE-2005-0104
BID: 12337