5

CVE-2010-2813

functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquirrelmailSquirrelmail Version <= 1.4.20
SquirrelmailSquirrelmail Version1.4
SquirrelmailSquirrelmail Version1.4 Updaterc1
SquirrelmailSquirrelmail Version1.4.0
SquirrelmailSquirrelmail Version1.4.0 Updaterc1
SquirrelmailSquirrelmail Version1.4.0 Updaterc2a
SquirrelmailSquirrelmail Version1.4.0-r1
SquirrelmailSquirrelmail Version1.4.0_rc1
SquirrelmailSquirrelmail Version1.4.0_rc2a
SquirrelmailSquirrelmail Version1.4.1
SquirrelmailSquirrelmail Version1.4.2
SquirrelmailSquirrelmail Version1.4.2-r1
SquirrelmailSquirrelmail Version1.4.2-r2
SquirrelmailSquirrelmail Version1.4.2-r3
SquirrelmailSquirrelmail Version1.4.2-r4
SquirrelmailSquirrelmail Version1.4.2-r5
SquirrelmailSquirrelmail Version1.4.3
SquirrelmailSquirrelmail Version1.4.3 Updater3
SquirrelmailSquirrelmail Version1.4.3 Updaterc1
SquirrelmailSquirrelmail Version1.4.3_r3
SquirrelmailSquirrelmail Version1.4.3_rc1
SquirrelmailSquirrelmail Version1.4.3_rc1 Updater1
SquirrelmailSquirrelmail Version1.4.3a
SquirrelmailSquirrelmail Version1.4.3aa
SquirrelmailSquirrelmail Version1.4.4
SquirrelmailSquirrelmail Version1.4.4 Updaterc1
SquirrelmailSquirrelmail Version1.4.4_rc1
SquirrelmailSquirrelmail Version1.4.5
SquirrelmailSquirrelmail Version1.4.5 Updaterc1
SquirrelmailSquirrelmail Version1.4.5_rc1
SquirrelmailSquirrelmail Version1.4.6
SquirrelmailSquirrelmail Version1.4.6 Updaterc1
SquirrelmailSquirrelmail Version1.4.6_cvs
SquirrelmailSquirrelmail Version1.4.6_rc1
SquirrelmailSquirrelmail Version1.4.7
SquirrelmailSquirrelmail Version1.4.8
SquirrelmailSquirrelmail Version1.4.8.4fc6
SquirrelmailSquirrelmail Version1.4.9
SquirrelmailSquirrelmail Version1.4.9a
SquirrelmailSquirrelmail Version1.4.10
SquirrelmailSquirrelmail Version1.4.10a
SquirrelmailSquirrelmail Version1.4.11
SquirrelmailSquirrelmail Version1.4.12
SquirrelmailSquirrelmail Version1.4.13
SquirrelmailSquirrelmail Version1.4.15
SquirrelmailSquirrelmail Version1.4.15 Updaterc1
SquirrelmailSquirrelmail Version1.4.15_rc1
SquirrelmailSquirrelmail Version1.4.15rc1
SquirrelmailSquirrelmail Version1.4.16
SquirrelmailSquirrelmail Version1.4.17
SquirrelmailSquirrelmail Version1.4.18
SquirrelmailSquirrelmail Version1.4.19
SquirrelmailSquirrelmail Version1.4_rc1
SquirrelmailSquirrelmail Version1.44
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.05% 0.893
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/40964
Vendor Advisory
http://www.debian.org/security/2010/dsa-2091
http://www.vupen.com/english/advisories/2010/2080
Vendor Advisory
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://rhn.redhat.com/errata/RHSA-2012-0103.html
http://support.apple.com/kb/HT5130
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html
http://secunia.com/advisories/40971
Vendor Advisory
http://squirrelmail.org/security/issue/2010-07-23
Patch
Vendor Advisory
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972
http://www.securityfocus.com/bid/42399
http://www.vupen.com/english/advisories/2010/2070
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=618096
https://exchange.xforce.ibmcloud.com/vulnerabilities/61124