5

CVE-2007-2589

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquirrelmailSquirrelmail Version1.4.0
SquirrelmailSquirrelmail Version1.4.1
SquirrelmailSquirrelmail Version1.4.2
SquirrelmailSquirrelmail Version1.4.3
SquirrelmailSquirrelmail Version1.4.3_r3
SquirrelmailSquirrelmail Version1.4.3_rc1
SquirrelmailSquirrelmail Version1.4.3a
SquirrelmailSquirrelmail Version1.4.3aa
SquirrelmailSquirrelmail Version1.4.4
SquirrelmailSquirrelmail Version1.4.4_rc1
SquirrelmailSquirrelmail Version1.4.5
SquirrelmailSquirrelmail Version1.4.6
SquirrelmailSquirrelmail Version1.4.6_cvs
SquirrelmailSquirrelmail Version1.4.6_rc1
SquirrelmailSquirrelmail Version1.4.7
SquirrelmailSquirrelmail Version1.4.8
SquirrelmailSquirrelmail Version1.4.9
SquirrelmailSquirrelmail Version1.4.9a
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.37% 0.684
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
http://secunia.com/advisories/25787
http://www.novell.com/linux/security/advisories/2007_13_sr.html
http://secunia.com/advisories/25200
Patch
Vendor Advisory
http://secunia.com/advisories/25320
http://www.mandriva.com/security/advisories?name=MDKSA-2007:106
http://www.squirrelmail.org/security/issue/2007-05-09
http://www.vupen.com/english/advisories/2007/1748
https://rhn.redhat.com/errata/RHSA-2007-0358.html
http://osvdb.org/35889
https://exchange.xforce.ibmcloud.com/vulnerabilities/34219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11448