Vulnerability Name: | CVE-2004-0519 (CCN-16025) |
Assigned: | 2004-04-29 |
Published: | 2004-04-29 |
Updated: | 2017-10-11 |
Summary: | Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. |
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): Low; Availability (A): Low |
|
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
CVSS v2 Severity: | 5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
|
Vulnerability Type: | CWE-Other
|
Vulnerability Consequences: | Gain Access |
References: | Source: SGI Type: Patch 20040604-01-U
Source: CCN Type: BugTraq Mailing List, Thu Apr 29 2004 - 16:09:06 CDT SquirrelMail Cross Scripting Attacks....
Source: CCN Type: BugTraq Mailing List, Fri Apr 30 2004 - 15:22:47 CDT Re: SquirrelMail Cross Scripting Attacks....
Source: MITRE Type: CNA CVE-2004-0519
Source: CONECTIVA Type: UNKNOWN CLA-2004:858
Source: CCN Type: Conectiva Linux Announcement CLSA-2004:858 Several vulnerabilities in SquirrelMail
Source: BUGTRAQ Type: UNKNOWN 20040429 SquirrelMail Cross Scripting Attacks....
Source: CCN Type: RHSA-2004-240 squirrelmail security update
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:240
Source: CCN Type: SA11531 SquirrelMail Folder Name Cross-Site Scripting Vulnerability
Source: SECUNIA Type: Patch, Vendor Advisory 11531
Source: SECUNIA Type: Patch, Vendor Advisory 11686
Source: SECUNIA Type: Patch, Vendor Advisory 11870
Source: SECUNIA Type: Patch 12289
Source: GENTOO Type: Vendor Advisory GLSA-200405-16
Source: DEBIAN Type: Patch, Vendor Advisory DSA-535
Source: DEBIAN Type: DSA-535 squirrelmail -- several vulnerabilities
Source: CCN Type: GLSA-200405-16 Multiple XSS Vulnerabilities in SquirrelMail
Source: SUSE Type: Vendor Advisory SUSE-SR:2005:019
Source: FEDORA Type: Patch, Vendor Advisory FEDORA-2004-160
Source: BUGTRAQ Type: UNKNOWN 20040430 Re: SquirrelMail Cross Scripting Attacks....
Source: BID Type: Exploit, Patch 10246
Source: CCN Type: BID-10246 SquirrelMail Folder Name Cross-Site Scripting Vulnerability
Source: CCN Type: SquirrelMail Web site SquirrelMail - Webmail for Nuts!
Source: FEDORA Type: Patch FEDORA-2004-1733
Source: XF Type: UNKNOWN squirrel-composephp-xss(16025)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1006
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10274
Source: SUSE Type: SUSE-SR:2005:019 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:sgi:propack:3.0:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
OR cpe:/a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
Configuration RedHat 1:
cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
AND cpe:/o:redhat:linux:3.0:*:*:*:*:*:*:*
OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
|
sgi propack 3.0
squirrelmail squirrelmail 1.0.4
squirrelmail squirrelmail 1.0.5
squirrelmail squirrelmail 1.2.0
squirrelmail squirrelmail 1.2.1
squirrelmail squirrelmail 1.2.2
squirrelmail squirrelmail 1.2.3
squirrelmail squirrelmail 1.2.4
squirrelmail squirrelmail 1.2.5
squirrelmail squirrelmail 1.2.6
squirrelmail squirrelmail 1.2.7
squirrelmail squirrelmail 1.2.8
squirrelmail squirrelmail 1.2.9
squirrelmail squirrelmail 1.2.10
squirrelmail squirrelmail 1.2.11
squirrelmail squirrelmail 1.4
squirrelmail squirrelmail 1.4.1
squirrelmail squirrelmail 1.4.2
redhat linux 3.0
debian debian linux 3.0
gentoo linux *
conectiva linux 9.0
redhat enterprise linux 3