CVE-2006-0377

EPSS 1.77%
Published 24.02.2006 00:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

Affected products Warnungen 0 Metrics 2 CWE 0 References 23

Data is provided by the National Vulnerability Database (NVD)

Squirrelmail ≫ Squirrelmail Version1.4

Squirrelmail ≫ Squirrelmail Version1.4.1

Squirrelmail ≫ Squirrelmail Version1.4.2

Squirrelmail ≫ Squirrelmail Version1.4.3

Squirrelmail ≫ Squirrelmail Version1.4.3_r3

Squirrelmail ≫ Squirrelmail Version1.4.3_rc1

Squirrelmail ≫ Squirrelmail Version1.4.3a

Squirrelmail ≫ Squirrelmail Version1.4.4

Squirrelmail ≫ Squirrelmail Version1.4.4_rc1

Squirrelmail ≫ Squirrelmail Version1.4.5

Squirrelmail ≫ Squirrelmail Version1.4.6_rc1

Squirrelmail ≫ Squirrelmail Version1.4_rc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.77%	0.821

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

http://secunia.com/advisories/19130

http://www.novell.com/linux/security/advisories/2006_05_sr.html

ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc

http://secunia.com/advisories/20210

http://secunia.com/advisories/18985

Vendor Advisory

http://secunia.com/advisories/19131

http://secunia.com/advisories/19176

http://secunia.com/advisories/19205

http://secunia.com/advisories/19960

http://securitytracker.com/id?1015662

Patch

http://www.debian.org/security/2006/dsa-988

http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:049

http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html

http://www.redhat.com/support/errata/RHSA-2006-0283.html

http://www.securityfocus.com/bid/16756

http://www.vupen.com/english/advisories/2006/0689

http://www.squirrelmail.org/security/issue/2006-02-15

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/24849

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470

https://nvd.nist.gov/vuln/detail/CVE-2006-0377

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0377

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0377

EUVD