PT-2010-3299 · Squirrelmail+1 · Squirrelmail+1

Laurent Oudot · Published 2010-06-22 · Updated 2024-02-08 · CVE-2010-1637

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SquirrelMail versions 1.4.20 and earlier

Description

The issue allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. This is made possible by the Mail Fetch plugin in affected versions of SquirrelMail.

Recommendations

For SquirrelMail versions 1.4.20 and earlier, consider disabling the Mail Fetch plugin until a patch is available to prevent the misuse of SquirrelMail as a proxy for scanning internal networks.
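The description above comes down to a web server opening a connection to whatever host and port a user supplies. The following is an added example, not SquirrelMail's code or its actual fix, sketching in Python the kind of check a mail-fetch feature can apply before connecting. The allowed port set, the function names and the sample host names are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumption: only standard POP3 (110) and POP3 over TLS (995) are permitted.
ALLOWED_POP3_PORTS = {110, 995}

# Constructed sample data and hypothetical resolver, so the example runs offline.
SAMPLE_DNS = {"pop.provider.example": ["8.8.8.8"],
              "intranet-db.example": ["10.0.0.5"]}


def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise OSError("unknown host")
    return SAMPLE_DNS[host]


def system_resolver(host):  # all addresses the system resolver returns
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_fetch_target(host, port, resolver=system_resolver):
    """Return (True, [ips]) if the server may connect, else (False, reason)."""
    try:
        port = int(port)
    except (TypeError, ValueError):
        return False, "port is not a number"
    if port not in ALLOWED_POP3_PORTS:
        return False, f"port {port} is not an allowed POP3 port"
    try:
        addresses = [str(ipaddress.ip_address(host))]  # IP literal: no lookup
    except ValueError:
        try:
            addresses = list(resolver(host))
        except OSError:
            addresses = []
    if not addresses:
        return False, "host does not resolve"
    for text in addresses:
        # Reject loopback, RFC 1918, link-local and other non-public ranges.
        if not ipaddress.ip_address(text.split("%")[0]).is_global:
            return False, f"{text} is not a public address"
    # The caller must connect to one of these IPs, not re-resolve the name.
    return True, addresses


if __name__ == "__main__":
    for target in [("pop.provider.example", 110), ("intranet-db.example", 995)]:
        print(target, check_fetch_target(*target, resolver=sample_resolver))
```

The port allowlist addresses the modified-port case from the description. The address check covers the related case where a permitted port is pointed at an internal host.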

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2010-1637
RHSA-2012:0103
RHSA-2012_0103

Affected Products

Red Hat
Squirrelmail