[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-1637Date: (C)2010-06-22   (M)2024-04-19


The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.5CVSS Score : 4.0
Exploit Score: 2.8Exploit Score: 8.0
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
BID-40291
BID-40307
ADV-2010-1535
ADV-2010-1536
ADV-2010-1554
APPLE-SA-2012-02-01-1
FEDORA-2010-10244
FEDORA-2010-10259
FEDORA-2010-10264
MDVSA-2010:120
RHSA-2012:0103
http://www.openwall.com/lists/oss-security/2010/05/25/3
http://www.openwall.com/lists/oss-security/2010/06/21/1
http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69
http://squirrelmail.org/security/issue/2010-06-21
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951
http://support.apple.com/kb/HT5130

OVAL    9
oval:org.secpod.oval:def:202233
oval:org.secpod.oval:def:100213
oval:org.secpod.oval:def:100744
oval:org.secpod.oval:def:202278
...

© SecPod Technologies