Vulnerability Name:

CVE-2011-2753 (CCN-68586)

Assigned:2011-07-12
Published:2011-07-12
Updated:2017-08-29
Summary:Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-352
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2011-2753

Source: CCN
Type: RHSA-2012-0103
Moderate: squirrelmail security update

Source: REDHAT
Type: UNKNOWN
RHSA-2012:0103

Source: CCN
Type: SquirrelMail SVN Repository
SquirrelMail

Source: CONFIRM
Type: Patch
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119

Source: DEBIAN
Type: UNKNOWN
DSA-2291

Source: DEBIAN
Type: DSA-2291
squirrelmail -- various vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:123

Source: CCN
Type: OSVDB ID: 74087
SquirrelMail Multiple Password Disclosure CSRF

Source: CCN
Type: SquirrelMail Web site
SquirrelMail - Webmail for Nuts!

Source: CCN
Type: Red Hat Bugzilla Bug 720694
(CVE-2010-4555) CVE-2010-4555 SquirrelMail: Multiple XSS flaws

Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/show_bug.cgi?id=720694

Source: XF
Type: UNKNOWN
squirrelmail-authentication-csrf(68586)

Source: XF
Type: UNKNOWN
squirrelmail-authentication-csrf(68586)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.20:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:* (Version <= 1.4.21)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:squirrelmail:squirrelmail:1.4.21:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:14993
    P
    		DSA-2291-1 squirrelmail -- various
    2014-06-23
    oval:org.mitre.oval:def:23175
    P
    		ELSA-2012:0103: squirrelmail security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:21288
    P
    		RHSA-2012:0103: squirrelmail security update (Moderate)
    2014-02-24
    oval:com.redhat.rhsa:def:20120103
    P
    		RHSA-2012:0103: squirrelmail security update (Moderate)
    2012-02-08
    oval:com.ubuntu.xenial:def:201127530000000
    V
    		CVE-2011-2753 on Ubuntu 16.04 LTS (xenial) - medium.
    2011-07-17
    oval:com.ubuntu.precise:def:20112753000
    V
    		CVE-2011-2753 on Ubuntu 12.04 LTS (precise) - medium.
    2011-07-17
    oval:com.ubuntu.trusty:def:20112753000
    V
    		CVE-2011-2753 on Ubuntu 14.04 LTS (trusty) - medium.
    2011-07-17
    oval:com.ubuntu.xenial:def:20112753000
    V
    		CVE-2011-2753 on Ubuntu 16.04 LTS (xenial) - medium.
    2011-07-17
    BACK
    squirrelmail squirrelmail 0.1
    squirrelmail squirrelmail 0.1.1
    squirrelmail squirrelmail 0.1.2
    squirrelmail squirrelmail 0.2
    squirrelmail squirrelmail 0.2.1
    squirrelmail squirrelmail 0.3
    squirrelmail squirrelmail 0.3.1
    squirrelmail squirrelmail 0.3pre1
    squirrelmail squirrelmail 0.3pre2
    squirrelmail squirrelmail 0.4
    squirrelmail squirrelmail 0.4pre1
    squirrelmail squirrelmail 0.4pre2
    squirrelmail squirrelmail 0.5
    squirrelmail squirrelmail 0.5pre1
    squirrelmail squirrelmail 0.5pre2
    squirrelmail squirrelmail 1.0
    squirrelmail squirrelmail 1.0.1
    squirrelmail squirrelmail 1.0.2
    squirrelmail squirrelmail 1.0.3
    squirrelmail squirrelmail 1.0.4
    squirrelmail squirrelmail 1.0.5
    squirrelmail squirrelmail 1.0.6
    squirrelmail squirrelmail 1.0pre1
    squirrelmail squirrelmail 1.0pre2
    squirrelmail squirrelmail 1.0pre3
    squirrelmail squirrelmail 1.1.0
    squirrelmail squirrelmail 1.1.1
    squirrelmail squirrelmail 1.1.2
    squirrelmail squirrelmail 1.1.3
    squirrelmail squirrelmail 1.2
    squirrelmail squirrelmail 1.2.0
    squirrelmail squirrelmail 1.2.0 rc3
    squirrelmail squirrelmail 1.2.1
    squirrelmail squirrelmail 1.2.2
    squirrelmail squirrelmail 1.2.3
    squirrelmail squirrelmail 1.2.4
    squirrelmail squirrelmail 1.2.5
    squirrelmail squirrelmail 1.2.6
    squirrelmail squirrelmail 1.2.6 rc1
    squirrelmail squirrelmail 1.2.7
    squirrelmail squirrelmail 1.2.8
    squirrelmail squirrelmail 1.2.9
    squirrelmail squirrelmail 1.2.10
    squirrelmail squirrelmail 1.2.11
    squirrelmail squirrelmail 1.3.0
    squirrelmail squirrelmail 1.3.1
    squirrelmail squirrelmail 1.3.2
    squirrelmail squirrelmail 1.4
    squirrelmail squirrelmail 1.4 rc1
    squirrelmail squirrelmail 1.4.0
    squirrelmail squirrelmail 1.4.0 rc1
    squirrelmail squirrelmail 1.4.0 rc2a
    squirrelmail squirrelmail 1.4.0-r1
    squirrelmail squirrelmail 1.4.1
    squirrelmail squirrelmail 1.4.2
    squirrelmail squirrelmail 1.4.2-r1
    squirrelmail squirrelmail 1.4.2-r2
    squirrelmail squirrelmail 1.4.2-r3
    squirrelmail squirrelmail 1.4.2-r4
    squirrelmail squirrelmail 1.4.2-r5
    squirrelmail squirrelmail 1.4.3
    squirrelmail squirrelmail 1.4.3 r3
    squirrelmail squirrelmail 1.4.3 rc1
    squirrelmail squirrelmail 1.4.3a
    squirrelmail squirrelmail 1.4.3aa
    squirrelmail squirrelmail 1.4.4
    squirrelmail squirrelmail 1.4.4 rc1
    squirrelmail squirrelmail 1.4.5
    squirrelmail squirrelmail 1.4.5 rc1
    squirrelmail squirrelmail 1.4.6
    squirrelmail squirrelmail 1.4.6 rc1
    squirrelmail squirrelmail 1.4.6_cvs
    squirrelmail squirrelmail 1.4.7
    squirrelmail squirrelmail 1.4.8
    squirrelmail squirrelmail 1.4.8.4fc6
    squirrelmail squirrelmail 1.4.9
    squirrelmail squirrelmail 1.4.9a
    squirrelmail squirrelmail 1.4.10
    squirrelmail squirrelmail 1.4.10a
    squirrelmail squirrelmail 1.4.11
    squirrelmail squirrelmail 1.4.12
    squirrelmail squirrelmail 1.4.13
    squirrelmail squirrelmail 1.4.15
    squirrelmail squirrelmail 1.4.15 rc1
    squirrelmail squirrelmail 1.4.15rc1
    squirrelmail squirrelmail 1.4.16
    squirrelmail squirrelmail 1.4.17
    squirrelmail squirrelmail 1.4.18
    squirrelmail squirrelmail 1.4.19
    squirrelmail squirrelmail 1.4.20
    squirrelmail squirrelmail *
    squirrelmail squirrelmail 1.4.21
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 5
    redhat enterprise linux 5