PT-2010-3299 · Squirrelmail+1

Laurent Oudot · Published 2010-06-22 · Updated 2024-02-08 · CVE-2010-1637

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SquirrelMail versions 1.4.20 and earlier

Description: The issue allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. This is made possible by the Mail Fetch plugin in affected versions of SquirrelMail.

Recommendations: For SquirrelMail versions 1.4.20 and earlier, consider disabling the Mail Fetch plugin until a patch is available to prevent the misuse of SquirrelMail as a proxy for scanning internal networks.
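
The class of check that closes this kind of server-side request, shown as an added example that is not SquirrelMail's code or its patch: the user-supplied POP3 host and port are vetted before the web application opens a socket. The function names and the port allowlist (110 and 995) are assumptions made for illustration.

```php
<?php
// Added example, not SquirrelMail code. Function names are hypothetical.

// Assumption: only the standard POP3 and POP3S ports are acceptable.
const ALLOWED_POP3_PORTS = [110, 995];

// True when $ip is an IPv4 address outside private, loopback and
// other reserved ranges.
function is_public_ipv4(string $ip): bool
{
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;
}

// Returns the vetted IPv4 address to connect to, or null when the
// user-supplied destination must be refused.
function vet_pop3_target(string $host, $port): ?string
{
    // The port must parse as an integer and be on the allowlist.
    $port = filter_var($port, FILTER_VALIDATE_INT);
    if ($port === false || !in_array($port, ALLOWED_POP3_PORTS, true)) {
        return null;
    }
    // Resolve once; the caller connects to the returned address, so a
    // later DNS answer cannot redirect the connection.
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : (gethostbynamel($host) ?: []);
    if ($ips === []) {
        return null;
    }
    // Refuse if any resolved address is internal.
    foreach ($ips as $ip) {
        if (!is_public_ipv4($ip)) {
            return null;
        }
    }
    return $ips[0];
}

// Constructed sample inputs (address literals, so no DNS lookup is made).
$samples = [['203.0.113.10', '110'], ['192.168.1.5', '110'], ['203.0.113.10', '22']];
foreach ($samples as [$host, $port]) {
    printf("%s:%s => %s\n", $host, $port, vet_pop3_target($host, $port) ?? 'refused');
}
```

IPv6 destinations are refused outright by this sketch, and ranges such as carrier-grade NAT (100.64.0.0/10) are not covered by PHP's built-in flags, so a deployment with such networks needs an explicit deny list as well.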

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2010-1637
RHSA-2012:0103
RHSA-2012_0103

Affected Products

Red Hat
Squirrelmail