Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2010-2813

Published: 19/08/2010 Updated: 17/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Squirrelmail

Vulnerability Summary

functions/imap_general.php in SquirrelMail prior to 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote malicious users to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.

Vulnerable Product Search on Vulmon Subscribe to Product

squirrelmail squirrelmail 1.4.3

squirrelmail squirrelmail 1.4.0

squirrelmail squirrelmail 1.4.16

squirrelmail squirrelmail 1.4.0_rc1

squirrelmail squirrelmail 1.4.11

squirrelmail squirrelmail 1.4.0-r1

squirrelmail squirrelmail 1.4.15

squirrelmail squirrelmail 1.4.9a

squirrelmail squirrelmail 1.4.6

squirrelmail squirrelmail 1.4.5

squirrelmail squirrelmail 1.4.2

squirrelmail squirrelmail 1.4.17

squirrelmail squirrelmail 1.4.13

squirrelmail squirrelmail 1.4

squirrelmail squirrelmail 1.4.18

squirrelmail squirrelmail 1.4.5_rc1

squirrelmail squirrelmail 1.4.15_rc1

squirrelmail squirrelmail 1.4.2-r3

squirrelmail squirrelmail 1.4.2-r2

squirrelmail squirrelmail 1.4.8

squirrelmail squirrelmail 1.4.7

squirrelmail squirrelmail 1.4.3aa

squirrelmail squirrelmail 1.4.3a

squirrelmail squirrelmail 1.4_rc1

squirrelmail squirrelmail 1.4.19

squirrelmail squirrelmail 1.4.0_rc2a

squirrelmail squirrelmail 1.4.10

squirrelmail squirrelmail 1.4.2-r1

squirrelmail squirrelmail 1.4.3_rc1

squirrelmail squirrelmail 1.44

squirrelmail squirrelmail 1.4.9

squirrelmail squirrelmail 1.4.8.4fc6

squirrelmail squirrelmail 1.4.4_rc1

squirrelmail squirrelmail 1.4.4

squirrelmail squirrelmail 1.4.1

squirrelmail squirrelmail 1.4.10a

squirrelmail squirrelmail 1.4.15rc1

squirrelmail squirrelmail 1.4.12

squirrelmail squirrelmail 1.4.2-r5

squirrelmail squirrelmail 1.4.2-r4

squirrelmail squirrelmail 1.4.6_rc1

squirrelmail squirrelmail 1.4.6_cvs

squirrelmail squirrelmail 1.4.3_r3

squirrelmail squirrelmail

Vendor Advisories

Red Hat: Moderate: squirrelmail security update
Synopsis Moderate: squirrelmail security update Type/Severity Security Advisory: Moderate Topic An updated squirrelmail package that fixes several security issues is nowavailable for Red Hat Enterprise Linux 4 and 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact ...
Red Hat: Low: squirrelmail security and bug fix update
Synopsis Low: squirrelmail security and bug fix update Type/Severity Security Advisory: Low Topic An updated squirrelmail package that fixes one security issue and severalbugs is now available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having lowsecurity impac ...
Debian Security Advisories: DSA-2091-1 squirrelmail -- No user-specific token implemented
SquirrelMail, a webmail application, does not employ a user-specific token for webforms This allows a remote attacker to perform a Cross Site Request Forgery (CSRF) attack The attacker may hijack the authentication of unspecified victims and send messages or change user preferences among other actions, by tricking the victim into following a link ...

References

CWE-399http://www.debian.org/security/2010/dsa-2091http://www.securityfocus.com/bid/42399http://www.vupen.com/english/advisories/2010/2070http://secunia.com/advisories/40964http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972http://squirrelmail.org/security/issue/2010-07-23http://www.vupen.com/english/advisories/2010/2080http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.htmlhttp://secunia.com/advisories/40971https://bugzilla.redhat.com/show_bug.cgi?id=618096http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.htmlhttp://lists.apple.com/archives/security-announce/2012/Feb/msg00000.htmlhttp://support.apple.com/kb/HT5130http://rhn.redhat.com/errata/RHSA-2012-0103.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/61124https://access.redhat.com/errata/RHSA-2012:0103https://nvd.nist.govhttps://www.debian.org/security/./dsa-2091
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook