Vulnerability Name:

CCN-58778

Published:2010-05-20
Updated:2010-05-20
Summary:SquirrelMail could allow a remote attacker to obtain sensitive information, caused by the improper validation of requests to the mail_fetch component. A remote attacker could exploit this vulnerability using the affected mail_fetch component to perform an Nmap scan of the network to obtain sensitive information.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: TEHTRI-SA-2010-009
Squirrelmail 0-day

Source: CCN
Type: BID-40291
SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability

Source: CCN
Type: SquirrelMail Web site
SquirrelMail - Webmail for Nuts!

Source: XF
Type: UNKNOWN
squirrelmail-mailfetch-info-disclosure(58778)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    squirrelmail squirrelmail 1.4.12
    squirrelmail squirrelmail 1.4.11
    squirrelmail squirrelmail 1.4.15
    squirrelmail squirrelmail 1.4.16
    squirrelmail squirrelmail 1.4.15 rc1
    squirrelmail squirrelmail 1.4.10a
    squirrelmail squirrelmail 1.4.10
    squirrelmail squirrelmail 1.4.1
    squirrelmail squirrelmail 1.4.0 rc2a
    squirrelmail squirrelmail 1.4.0
    squirrelmail squirrelmail 1.4
    squirrelmail squirrelmail 1.4.0 rc1
    squirrelmail squirrelmail 1.4.17
    squirrelmail squirrelmail 1.4.0 rc1
    squirrelmail squirrelmail 1.4.0 rc2a
    squirrelmail squirrelmail 1.4.15 rc1
    squirrelmail squirrelmail 1.4 rc1
    squirrelmail squirrelmail 1.4.0-r1
    squirrelmail squirrelmail 1.4.18
    squirrelmail squirrelmail 1.4.19