Lucene search

MitreCVE-2009-2964

HistoryAug 25, 2009 - 5:30 p.m.

CVE-2009-2964

2009-08-2517:30:01

CWE-352

mitre

web.nvd.nist.gov

csrf

squirrelmail

nasmail

vulnerability

remote hijacking

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.

Affected configurations

Nvd

Node

squirrelmailsquirrelmailRange≤1.4.19

squirrelmailsquirrelmailMatch0.1.1

squirrelmailsquirrelmailMatch0.1.2

squirrelmailsquirrelmailMatch1.0

squirrelmailsquirrelmailMatch1.0.1

squirrelmailsquirrelmailMatch1.0.2

squirrelmailsquirrelmailMatch1.0.3

squirrelmailsquirrelmailMatch1.0.4

squirrelmailsquirrelmailMatch1.0.5

squirrelmailsquirrelmailMatch1.0.6

squirrelmailsquirrelmailMatch1.0pre1

squirrelmailsquirrelmailMatch1.0pre2

squirrelmailsquirrelmailMatch1.0pre3

squirrelmailsquirrelmailMatch1.1.0

squirrelmailsquirrelmailMatch1.1.1

squirrelmailsquirrelmailMatch1.1.2

squirrelmailsquirrelmailMatch1.1.3

squirrelmailsquirrelmailMatch1.2

squirrelmailsquirrelmailMatch1.2.0

squirrelmailsquirrelmailMatch1.2.0rc3

squirrelmailsquirrelmailMatch1.2.0_rc3

squirrelmailsquirrelmailMatch1.2.1

squirrelmailsquirrelmailMatch1.2.2

squirrelmailsquirrelmailMatch1.2.3

squirrelmailsquirrelmailMatch1.2.4

squirrelmailsquirrelmailMatch1.2.5

squirrelmailsquirrelmailMatch1.2.6

squirrelmailsquirrelmailMatch1.2.6-rc1

squirrelmailsquirrelmailMatch1.2.7

squirrelmailsquirrelmailMatch1.2.8

squirrelmailsquirrelmailMatch1.2.9

squirrelmailsquirrelmailMatch1.2.10

squirrelmailsquirrelmailMatch1.2.11

squirrelmailsquirrelmailMatch1.3.0

squirrelmailsquirrelmailMatch1.3.1

squirrelmailsquirrelmailMatch1.3.2

squirrelmailsquirrelmailMatch1.4

squirrelmailsquirrelmailMatch1.4rc1

squirrelmailsquirrelmailMatch1.4.0

squirrelmailsquirrelmailMatch1.4.0rc1

squirrelmailsquirrelmailMatch1.4.0rc2a

squirrelmailsquirrelmailMatch1.4.0-r1

squirrelmailsquirrelmailMatch1.4.0_rc1

squirrelmailsquirrelmailMatch1.4.0_rc2a

squirrelmailsquirrelmailMatch1.4.1

squirrelmailsquirrelmailMatch1.4.2

squirrelmailsquirrelmailMatch1.4.2-r1

squirrelmailsquirrelmailMatch1.4.2-r2

squirrelmailsquirrelmailMatch1.4.2-r3

squirrelmailsquirrelmailMatch1.4.2-r4

squirrelmailsquirrelmailMatch1.4.2-r5

squirrelmailsquirrelmailMatch1.4.3

squirrelmailsquirrelmailMatch1.4.3r3

squirrelmailsquirrelmailMatch1.4.3rc1

squirrelmailsquirrelmailMatch1.4.3_r3

squirrelmailsquirrelmailMatch1.4.3_rc1

squirrelmailsquirrelmailMatch1.4.3_rc1r1

squirrelmailsquirrelmailMatch1.4.3a

squirrelmailsquirrelmailMatch1.4.3aa

squirrelmailsquirrelmailMatch1.4.4

squirrelmailsquirrelmailMatch1.4.4rc1

squirrelmailsquirrelmailMatch1.4.4_rc1

squirrelmailsquirrelmailMatch1.4.5

squirrelmailsquirrelmailMatch1.4.5_rc1

squirrelmailsquirrelmailMatch1.4.6

squirrelmailsquirrelmailMatch1.4.6rc1

squirrelmailsquirrelmailMatch1.4.6_cvs

squirrelmailsquirrelmailMatch1.4.6_rc1

squirrelmailsquirrelmailMatch1.4.7

squirrelmailsquirrelmailMatch1.4.8

squirrelmailsquirrelmailMatch1.4.8.4fc6

squirrelmailsquirrelmailMatch1.4.9

squirrelmailsquirrelmailMatch1.4.9a

squirrelmailsquirrelmailMatch1.4.10

squirrelmailsquirrelmailMatch1.4.10a

squirrelmailsquirrelmailMatch1.4.11

squirrelmailsquirrelmailMatch1.4.12

squirrelmailsquirrelmailMatch1.4.13

squirrelmailsquirrelmailMatch1.4.15

squirrelmailsquirrelmailMatch1.4.15rc1

squirrelmailsquirrelmailMatch1.4.15_rc1

squirrelmailsquirrelmailMatch1.4.15rc1

squirrelmailsquirrelmailMatch1.4.16

squirrelmailsquirrelmailMatch1.4.17

squirrelmailsquirrelmailMatch1.4.18

squirrelmailsquirrelmailMatch1.4_rc1

VendorProductVersionCPE
squirrelmailsquirrelmail*cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
squirrelmailsquirrelmail0.1.1cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*
squirrelmailsquirrelmail0.1.2cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.0cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.0.1cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.0.2cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.0.3cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.0.4cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.0.5cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.0.6cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
squirrelmail	squirrelmail	*	cpe:2.3:a:squirrelmail:squirrelmail::::::::
squirrelmail	squirrelmail	0.1.1	cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:::::::*
squirrelmail	squirrelmail	0.1.2	cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:::::::*
squirrelmail	squirrelmail	1.0	cpe:2.3:a:squirrelmail:squirrelmail:1.0:::::::*
squirrelmail	squirrelmail	1.0.1	cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:::::::*
squirrelmail	squirrelmail	1.0.2	cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:::::::*
squirrelmail	squirrelmail	1.0.3	cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:::::::*
squirrelmail	squirrelmail	1.0.4	cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:::::::*
squirrelmail	squirrelmail	1.0.5	cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:::::::*
squirrelmail	squirrelmail	1.0.6	cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:::::::*