6.8
CVE-2009-2964
- EPSS 1.52%
- Veröffentlicht 25.08.2009 17:30:01
- Zuletzt bearbeitet 16.06.2026 23:10:37
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squirrelmail ≫ Squirrelmail Version <= 1.4.19
Squirrelmail ≫ Squirrelmail Version0.1.1
Squirrelmail ≫ Squirrelmail Version0.1.2
Squirrelmail ≫ Squirrelmail Version1.0
Squirrelmail ≫ Squirrelmail Version1.0.1
Squirrelmail ≫ Squirrelmail Version1.0.2
Squirrelmail ≫ Squirrelmail Version1.0.3
Squirrelmail ≫ Squirrelmail Version1.0.4
Squirrelmail ≫ Squirrelmail Version1.0.5
Squirrelmail ≫ Squirrelmail Version1.0.6
Squirrelmail ≫ Squirrelmail Version1.0pre1
Squirrelmail ≫ Squirrelmail Version1.0pre2
Squirrelmail ≫ Squirrelmail Version1.0pre3
Squirrelmail ≫ Squirrelmail Version1.1.0
Squirrelmail ≫ Squirrelmail Version1.1.1
Squirrelmail ≫ Squirrelmail Version1.1.2
Squirrelmail ≫ Squirrelmail Version1.1.3
Squirrelmail ≫ Squirrelmail Version1.2
Squirrelmail ≫ Squirrelmail Version1.2.0
Squirrelmail ≫ Squirrelmail Version1.2.0 Updaterc3
Squirrelmail ≫ Squirrelmail Version1.2.0_rc3
Squirrelmail ≫ Squirrelmail Version1.2.1
Squirrelmail ≫ Squirrelmail Version1.2.2
Squirrelmail ≫ Squirrelmail Version1.2.3
Squirrelmail ≫ Squirrelmail Version1.2.4
Squirrelmail ≫ Squirrelmail Version1.2.5
Squirrelmail ≫ Squirrelmail Version1.2.6
Squirrelmail ≫ Squirrelmail Version1.2.6-rc1
Squirrelmail ≫ Squirrelmail Version1.2.7
Squirrelmail ≫ Squirrelmail Version1.2.8
Squirrelmail ≫ Squirrelmail Version1.2.9
Squirrelmail ≫ Squirrelmail Version1.2.10
Squirrelmail ≫ Squirrelmail Version1.2.11
Squirrelmail ≫ Squirrelmail Version1.3.0
Squirrelmail ≫ Squirrelmail Version1.3.1
Squirrelmail ≫ Squirrelmail Version1.3.2
Squirrelmail ≫ Squirrelmail Version1.4
Squirrelmail ≫ Squirrelmail Version1.4 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.0
Squirrelmail ≫ Squirrelmail Version1.4.0 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.0 Updaterc2a
Squirrelmail ≫ Squirrelmail Version1.4.0-r1
Squirrelmail ≫ Squirrelmail Version1.4.0_rc1
Squirrelmail ≫ Squirrelmail Version1.4.0_rc2a
Squirrelmail ≫ Squirrelmail Version1.4.1
Squirrelmail ≫ Squirrelmail Version1.4.2
Squirrelmail ≫ Squirrelmail Version1.4.2-r1
Squirrelmail ≫ Squirrelmail Version1.4.2-r2
Squirrelmail ≫ Squirrelmail Version1.4.2-r3
Squirrelmail ≫ Squirrelmail Version1.4.2-r4
Squirrelmail ≫ Squirrelmail Version1.4.2-r5
Squirrelmail ≫ Squirrelmail Version1.4.3
Squirrelmail ≫ Squirrelmail Version1.4.3 Updater3
Squirrelmail ≫ Squirrelmail Version1.4.3 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.3_r3
Squirrelmail ≫ Squirrelmail Version1.4.3_rc1
Squirrelmail ≫ Squirrelmail Version1.4.3_rc1 Updater1
Squirrelmail ≫ Squirrelmail Version1.4.3a
Squirrelmail ≫ Squirrelmail Version1.4.3aa
Squirrelmail ≫ Squirrelmail Version1.4.4
Squirrelmail ≫ Squirrelmail Version1.4.4 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.4_rc1
Squirrelmail ≫ Squirrelmail Version1.4.5
Squirrelmail ≫ Squirrelmail Version1.4.5_rc1
Squirrelmail ≫ Squirrelmail Version1.4.6
Squirrelmail ≫ Squirrelmail Version1.4.6 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.6_cvs
Squirrelmail ≫ Squirrelmail Version1.4.6_rc1
Squirrelmail ≫ Squirrelmail Version1.4.7
Squirrelmail ≫ Squirrelmail Version1.4.8
Squirrelmail ≫ Squirrelmail Version1.4.8.4fc6
Squirrelmail ≫ Squirrelmail Version1.4.9
Squirrelmail ≫ Squirrelmail Version1.4.9a
Squirrelmail ≫ Squirrelmail Version1.4.10
Squirrelmail ≫ Squirrelmail Version1.4.10a
Squirrelmail ≫ Squirrelmail Version1.4.11
Squirrelmail ≫ Squirrelmail Version1.4.12
Squirrelmail ≫ Squirrelmail Version1.4.13
Squirrelmail ≫ Squirrelmail Version1.4.15
Squirrelmail ≫ Squirrelmail Version1.4.15 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.15_rc1
Squirrelmail ≫ Squirrelmail Version1.4.15rc1
Squirrelmail ≫ Squirrelmail Version1.4.16
Squirrelmail ≫ Squirrelmail Version1.4.17
Squirrelmail ≫ Squirrelmail Version1.4.18
Squirrelmail ≫ Squirrelmail Version1.4_rc1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.52% | 0.712 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://download.gna.org/nasmail/nasmail-1.7.zip
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://secunia.com/advisories/37415
http://secunia.com/advisories/40220
http://support.apple.com/kb/HT4188
http://www.vupen.com/english/advisories/2009/3315
http://www.vupen.com/english/advisories/2010/1481
https://gna.org/forum/forum.php?forum_id=2146
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818
http://jvn.jp/en/jp/JVN30881447/index.html
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html
http://osvdb.org/60469
http://secunia.com/advisories/34627
http://secunia.com/advisories/36363
http://secunia.com/advisories/40964
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818&view=markup&pathrev=13818
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13818
http://www.debian.org/security/2010/dsa-2091
http://www.mandriva.com/security/advisories?name=MDVSA-2009:222
http://www.osvdb.org/57001
http://www.securityfocus.com/bid/36196
http://www.squirrelmail.org/security/issue/2009-08-12
http://www.vupen.com/english/advisories/2009/2262
http://www.vupen.com/english/advisories/2010/2080
https://bugzilla.redhat.com/show_bug.cgi?id=517312
https://exchange.xforce.ibmcloud.com/vulnerabilities/52406
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html