Web application abuses : SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100688

Categoría: Web application abuses

Título: SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability

Resumen: SquirrelMail is prone to a remote information-disclosure; vulnerability.

Descripción: Summary:
SquirrelMail is prone to a remote information-disclosure
vulnerability.

Vulnerability Impact:
Attackers can exploit this issue to obtain potentially sensitive
information that may lead to further attacks.

Affected Software/OS:
This issue affects SquirrelMail 1.4.x versions.

Solution:
Updates are available. Please see the references for more information.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1637
40291
http://www.securityfocus.com/bid/40291
40307
http://secunia.com/advisories/40307
http://www.securityfocus.com/bid/40307
ADV-2010-1535
http://www.vupen.com/english/advisories/2010/1535
ADV-2010-1536
http://www.vupen.com/english/advisories/2010/1536
ADV-2010-1554
http://www.vupen.com/english/advisories/2010/1554
APPLE-SA-2012-02-01-1
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
FEDORA-2010-10244
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html
FEDORA-2010-10259
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html
FEDORA-2010-10264
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html
MDVSA-2010:120
http://www.mandriva.com/security/advisories?name=MDVSA-2010:120
RHSA-2012:0103
http://rhn.redhat.com/errata/RHSA-2012-0103.html
[oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail
http://www.openwall.com/lists/oss-security/2010/05/25/3
http://www.openwall.com/lists/oss-security/2010/05/25/9
[oss-security] 20100621 Re: [SquirrelMail-Security] CVE Request for Horde and Squirrelmail
http://www.openwall.com/lists/oss-security/2010/06/21/1
http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69
http://squirrelmail.org/security/issue/2010-06-21
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951
http://support.apple.com/kb/HT5130

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100688
Categoría:	Web application abuses
Título:	SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability
Resumen:	SquirrelMail is prone to a remote information-disclosure; vulnerability.
Descripción:	Summary: SquirrelMail is prone to a remote information-disclosure vulnerability. Vulnerability Impact: Attackers can exploit this issue to obtain potentially sensitive information that may lead to further attacks. Affected Software/OS: This issue affects SquirrelMail 1.4.x versions. Solution: Updates are available. Please see the references for more information. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1637 40291 http://www.securityfocus.com/bid/40291 40307 http://secunia.com/advisories/40307 http://www.securityfocus.com/bid/40307 ADV-2010-1535 http://www.vupen.com/english/advisories/2010/1535 ADV-2010-1536 http://www.vupen.com/english/advisories/2010/1536 ADV-2010-1554 http://www.vupen.com/english/advisories/2010/1554 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html FEDORA-2010-10244 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html FEDORA-2010-10259 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html FEDORA-2010-10264 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html MDVSA-2010:120 http://www.mandriva.com/security/advisories?name=MDVSA-2010:120 RHSA-2012:0103 http://rhn.redhat.com/errata/RHSA-2012-0103.html [oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail http://www.openwall.com/lists/oss-security/2010/05/25/3 http://www.openwall.com/lists/oss-security/2010/05/25/9 [oss-security] 20100621 Re: [SquirrelMail-Security] CVE Request for Horde and Squirrelmail http://www.openwall.com/lists/oss-security/2010/06/21/1 http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 http://squirrelmail.org/security/issue/2010-06-21 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951 http://support.apple.com/kb/HT5130
Copyright	Copyright (C) 2010 Greenbone AG