| Field | Value |
|---|---|
| Vulnerability Name | CVE-2007-2589 (CCN-34219) |
| Assigned | 2007-05-09 |
| Published | 2007-05-09 |
| Updated | 2017-10-11 |
| Summary | Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. |
| CVSS v3 Severity | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) |
| CVSS v2 Severity | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N); 4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C); 3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C) |
| Vulnerability Type | CWE-352 |
| Vulnerability Consequences | Gain Access |

References:

| Source | Type | Reference |
|---|---|---|
| CCN | BugTraq Mailing List, Thu May 10 2007 - 07:02:20 CDT | squirrelmail CSRF vulnerability |
| MITRE | CNA | CVE-2007-2589 |
| MITRE | CNA | CVE-2007-2631 |
| CCN | Apple Security Update 2007-007 | About Security Update 2007-007 |
| CONFIRM | UNKNOWN | http://docs.info.apple.com/article.html?artnum=306172 |
| CCN | Apple Web site | Apple security updates |
| APPLE | UNKNOWN | APPLE-SA-2007-07-31 |
| OSVDB | UNKNOWN | 35889 |
| CCN | RHSA-2007-0358 | Moderate: squirrelmail security update |
| CCN | SA25200 | SquirrelMail Cross-Site Scripting and Request Forgery Vulnerabilities |
| SECUNIA | Patch, Vendor Advisory | 25200 |
| SECUNIA | UNKNOWN | 25320 |
| SECUNIA | UNKNOWN | 25787 |
| CCN | SA26235 | Mac OS X Security Update Fixes Multiple Vulnerabilities |
| SECUNIA | UNKNOWN | 26235 |
| CCN | SECTRACK ID: 1018033 | SquirrelMail Input Validation Holes in HTML Filter Permit Cross-Site Scripting Attacks |
| CCN | SourceForge.net | SquirrelMail |
| CCN | ASA-2007-262 | squirrelmail security update (RHSA-2007-0358) |
| MANDRIVA | UNKNOWN | MDKSA-2007:106 |
| SUSE | UNKNOWN | SUSE-SR:2007:013 |
| CCN | OSVDB ID: 35889 | SquirrelMail compose.php IMG Element SRC Attribute CSRF |
| CCN | OSVDB ID: 35890 | SquirrelMail Unspecified CSRF |
| CCN | BID-23910 | SquirrelMail Multiple Cross Site Scripting Vulnerabilities |
| BID | UNKNOWN | 25159 |
| CCN | BID-25159 | Apple Mac OS X 2007-007 Multiple Security Vulnerabilities |
| CCN | SquirrelMail Security Advisory 2007-05-09 | Cross site scripting in HTML filter |
| CONFIRM | UNKNOWN | http://www.squirrelmail.org/security/issue/2007-05-09 |
| VUPEN | UNKNOWN | ADV-2007-1748 |
| VUPEN | UNKNOWN | ADV-2007-2732 |
| XF | UNKNOWN | squirrelmail-compose-csrf(34219) |
| XF | UNKNOWN | squirrelmail-multiple-scripts-csrf(34219) |
| OVAL | UNKNOWN | oval:org.mitre.oval:def:11448 |
| REDHAT | UNKNOWN | RHSA-2007:0358 |
| SUSE | SUSE-SR:2007:013 | SUSE Security Summary Report |

Vulnerable Configuration:

Configuration 1:
Configuration RedHat 1:
Configuration RedHat 2:
Configuration RedHat 3:
Configuration RedHat 4:
Configuration RedHat 5:
Configuration RedHat 6:
Configuration RedHat 7:
Configuration RedHat 8:

Oval Definitions