CVE-2009-2964

EPSS 0.86%
Veröffentlicht 25.08.2009 17:30:01
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 32

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Squirrelmail ≫ Squirrelmail Version <= 1.4.19

Squirrelmail ≫ Squirrelmail Version0.1.1

Squirrelmail ≫ Squirrelmail Version0.1.2

Squirrelmail ≫ Squirrelmail Version1.0

Squirrelmail ≫ Squirrelmail Version1.0.1

Squirrelmail ≫ Squirrelmail Version1.0.2

Squirrelmail ≫ Squirrelmail Version1.0.3

Squirrelmail ≫ Squirrelmail Version1.0.4

Squirrelmail ≫ Squirrelmail Version1.0.5

Squirrelmail ≫ Squirrelmail Version1.0.6

Squirrelmail ≫ Squirrelmail Version1.0pre1

Squirrelmail ≫ Squirrelmail Version1.0pre2

Squirrelmail ≫ Squirrelmail Version1.0pre3

Squirrelmail ≫ Squirrelmail Version1.1.0

Squirrelmail ≫ Squirrelmail Version1.1.1

Squirrelmail ≫ Squirrelmail Version1.1.2

Squirrelmail ≫ Squirrelmail Version1.1.3

Squirrelmail ≫ Squirrelmail Version1.2

Squirrelmail ≫ Squirrelmail Version1.2.0

Squirrelmail ≫ Squirrelmail Version1.2.0 Updaterc3

Squirrelmail ≫ Squirrelmail Version1.2.0_rc3

Squirrelmail ≫ Squirrelmail Version1.2.1

Squirrelmail ≫ Squirrelmail Version1.2.2

Squirrelmail ≫ Squirrelmail Version1.2.3

Squirrelmail ≫ Squirrelmail Version1.2.4

Squirrelmail ≫ Squirrelmail Version1.2.5

Squirrelmail ≫ Squirrelmail Version1.2.6

Squirrelmail ≫ Squirrelmail Version1.2.6-rc1

Squirrelmail ≫ Squirrelmail Version1.2.7

Squirrelmail ≫ Squirrelmail Version1.2.8

Squirrelmail ≫ Squirrelmail Version1.2.9

Squirrelmail ≫ Squirrelmail Version1.2.10

Squirrelmail ≫ Squirrelmail Version1.2.11

Squirrelmail ≫ Squirrelmail Version1.3.0

Squirrelmail ≫ Squirrelmail Version1.3.1

Squirrelmail ≫ Squirrelmail Version1.3.2

Squirrelmail ≫ Squirrelmail Version1.4

Squirrelmail ≫ Squirrelmail Version1.4 Updaterc1

Squirrelmail ≫ Squirrelmail Version1.4.0

Squirrelmail ≫ Squirrelmail Version1.4.0 Updaterc1

Squirrelmail ≫ Squirrelmail Version1.4.0 Updaterc2a

Squirrelmail ≫ Squirrelmail Version1.4.0-r1

Squirrelmail ≫ Squirrelmail Version1.4.0_rc1

Squirrelmail ≫ Squirrelmail Version1.4.0_rc2a

Squirrelmail ≫ Squirrelmail Version1.4.1

Squirrelmail ≫ Squirrelmail Version1.4.2

Squirrelmail ≫ Squirrelmail Version1.4.2-r1

Squirrelmail ≫ Squirrelmail Version1.4.2-r2

Squirrelmail ≫ Squirrelmail Version1.4.2-r3

Squirrelmail ≫ Squirrelmail Version1.4.2-r4

Squirrelmail ≫ Squirrelmail Version1.4.2-r5

Squirrelmail ≫ Squirrelmail Version1.4.3

Squirrelmail ≫ Squirrelmail Version1.4.3 Updater3

Squirrelmail ≫ Squirrelmail Version1.4.3 Updaterc1

Squirrelmail ≫ Squirrelmail Version1.4.3_r3

Squirrelmail ≫ Squirrelmail Version1.4.3_rc1

Squirrelmail ≫ Squirrelmail Version1.4.3_rc1 Updater1

Squirrelmail ≫ Squirrelmail Version1.4.3a

Squirrelmail ≫ Squirrelmail Version1.4.3aa

Squirrelmail ≫ Squirrelmail Version1.4.4

Squirrelmail ≫ Squirrelmail Version1.4.4 Updaterc1

Squirrelmail ≫ Squirrelmail Version1.4.4_rc1

Squirrelmail ≫ Squirrelmail Version1.4.5

Squirrelmail ≫ Squirrelmail Version1.4.5_rc1

Squirrelmail ≫ Squirrelmail Version1.4.6

Squirrelmail ≫ Squirrelmail Version1.4.6 Updaterc1

Squirrelmail ≫ Squirrelmail Version1.4.6_cvs

Squirrelmail ≫ Squirrelmail Version1.4.6_rc1

Squirrelmail ≫ Squirrelmail Version1.4.7

Squirrelmail ≫ Squirrelmail Version1.4.8

Squirrelmail ≫ Squirrelmail Version1.4.8.4fc6

Squirrelmail ≫ Squirrelmail Version1.4.9

Squirrelmail ≫ Squirrelmail Version1.4.9a

Squirrelmail ≫ Squirrelmail Version1.4.10

Squirrelmail ≫ Squirrelmail Version1.4.10a

Squirrelmail ≫ Squirrelmail Version1.4.11

Squirrelmail ≫ Squirrelmail Version1.4.12

Squirrelmail ≫ Squirrelmail Version1.4.13

Squirrelmail ≫ Squirrelmail Version1.4.15

Squirrelmail ≫ Squirrelmail Version1.4.15 Updaterc1

Squirrelmail ≫ Squirrelmail Version1.4.15_rc1

Squirrelmail ≫ Squirrelmail Version1.4.15rc1

Squirrelmail ≫ Squirrelmail Version1.4.16

Squirrelmail ≫ Squirrelmail Version1.4.17

Squirrelmail ≫ Squirrelmail Version1.4.18

Squirrelmail ≫ Squirrelmail Version1.4_rc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.86%	0.744

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://download.gna.org/nasmail/nasmail-1.7.zip

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

http://secunia.com/advisories/37415

http://secunia.com/advisories/40220

http://support.apple.com/kb/HT4188

http://www.vupen.com/english/advisories/2009/3315

http://www.vupen.com/english/advisories/2010/1481

https://gna.org/forum/forum.php?forum_id=2146

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818

http://jvn.jp/en/jp/JVN30881447/index.html

http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html

http://osvdb.org/60469