Detections
Analytics
SquirrelMail < 1.45 Multiple Vulnerabilities
medium Nessus Plugin ID 18504
Language:
Synopsis
The remote web server contains a PHP application that is affected by multiple vulnerabilities.Description
According to its banner, the version of SquirrelMail installed on the remote host is prone to multiple flaws :- Post Variable Handling Vulnerabilities Using specially crafted POST requests, an attacker may be able to set random variables in the file 'options_identities.php', which could lead to accessing other users' preferences, cross-site scripting attacks, and writing to arbitrary files.
- Multiple Cross-Site Scripting Vulnerabilities Using a specially crafted URL or email message, an attacker may be able to exploit these flaws, stealing cookie-based session identifiers and thereby hijacking SquirrelMail sessions.
Solution
Upgrade to SquirrelMail 1.45 or later.See Also
http://www.nessus.org/u?74e2c299
http://www.squirrelmail.org/security/issue/2005-06-15
Plugin Details
Severity: Medium
ID: 18504
File Name: squirrelmail_145.nasl
Version: 1.22
Type: remote
Family: CGI abuses
Published: 6/16/2005
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.0
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:squirrelmail:squirrelmail
Required KB Items: www/squirrelmail
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 6/15/2005
Reference Information
CVE: CVE-2005-1769, CVE-2005-2095