cve-2009-2964
Vulnerability from cvelistv5
Published
2009-08-25 17:00
Modified
2024-08-07 06:07
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.
References
cve@mitre.orghttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818
cve@mitre.orghttp://download.gna.org/nasmail/nasmail-1.7.zip
cve@mitre.orghttp://jvn.jp/en/jp/JVN30881447/index.html
cve@mitre.orghttp://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
cve@mitre.orghttp://osvdb.org/60469
cve@mitre.orghttp://secunia.com/advisories/34627Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/36363Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/37415
cve@mitre.orghttp://secunia.com/advisories/40220
cve@mitre.orghttp://secunia.com/advisories/40964
cve@mitre.orghttp://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818&view=markup&pathrev=13818Patch
cve@mitre.orghttp://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13818Patch
cve@mitre.orghttp://support.apple.com/kb/HT4188
cve@mitre.orghttp://www.debian.org/security/2010/dsa-2091
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:222
cve@mitre.orghttp://www.osvdb.org/57001
cve@mitre.orghttp://www.securityfocus.com/bid/36196
cve@mitre.orghttp://www.squirrelmail.org/security/issue/2009-08-12Patch, Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/2262Patch, Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/3315
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1481
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/2080
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=517312Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/52406
cve@mitre.orghttps://gna.org/forum/forum.php?forum_id=2146
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818
af854a3a-2127-422b-91ae-364da2661108http://download.gna.org/nasmail/nasmail-1.7.zip
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/en/jp/JVN30881447/index.html
af854a3a-2127-422b-91ae-364da2661108http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/60469
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34627Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36363Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37415
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40220
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40964
af854a3a-2127-422b-91ae-364da2661108http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818&view=markup&pathrev=13818Patch
af854a3a-2127-422b-91ae-364da2661108http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13818Patch
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4188
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2091
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:222
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/57001
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36196
af854a3a-2127-422b-91ae-364da2661108http://www.squirrelmail.org/security/issue/2009-08-12Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2262Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3315
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1481
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2080
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=517312Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/52406
af854a3a-2127-422b-91ae-364da2661108https://gna.org/forum/forum.php?forum_id=2146
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:07:37.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-06-15-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
          },
          {
            "name": "FEDORA-2009-8822",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gna.org/forum/forum.php?forum_id=2146"
          },
          {
            "name": "ADV-2010-1481",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1481"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.gna.org/nasmail/nasmail-1.7.zip"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818"
          },
          {
            "name": "JVN#30881447",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN30881447/index.html"
          },
          {
            "name": "34627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34627"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818"
          },
          {
            "name": "DSA-2091",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2091"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312"
          },
          {
            "name": "MDVSA-2009:222",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:222"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4188"
          },
          {
            "name": "oval:org.mitre.oval:def:10668",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668"
          },
          {
            "name": "40220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40220"
          },
          {
            "name": "60469",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60469"
          },
          {
            "name": "squirrelmail-unspecified-csrf(52406)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52406"
          },
          {
            "name": "40964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40964"
          },
          {
            "name": "FEDORA-2009-8797",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html"
          },
          {
            "name": "ADV-2010-2080",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2080"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818"
          },
          {
            "name": "36196",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36196"
          },
          {
            "name": "37415",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37415"
          },
          {
            "name": "36363",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36363"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.squirrelmail.org/security/issue/2009-08-12"
          },
          {
            "name": "ADV-2009-3315",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3315"
          },
          {
            "name": "57001",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/57001"
          },
          {
            "name": "JVNDB-2009-002207",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html"
          },
          {
            "name": "ADV-2009-2262",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2262"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-06-15-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
        },
        {
          "name": "FEDORA-2009-8822",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gna.org/forum/forum.php?forum_id=2146"
        },
        {
          "name": "ADV-2010-1481",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1481"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.gna.org/nasmail/nasmail-1.7.zip"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818"
        },
        {
          "name": "JVN#30881447",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN30881447/index.html"
        },
        {
          "name": "34627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34627"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818"
        },
        {
          "name": "DSA-2091",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2091"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312"
        },
        {
          "name": "MDVSA-2009:222",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:222"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4188"
        },
        {
          "name": "oval:org.mitre.oval:def:10668",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668"
        },
        {
          "name": "40220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40220"
        },
        {
          "name": "60469",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60469"
        },
        {
          "name": "squirrelmail-unspecified-csrf(52406)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52406"
        },
        {
          "name": "40964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40964"
        },
        {
          "name": "FEDORA-2009-8797",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html"
        },
        {
          "name": "ADV-2010-2080",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2080"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818"
        },
        {
          "name": "36196",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36196"
        },
        {
          "name": "37415",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37415"
        },
        {
          "name": "36363",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36363"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.squirrelmail.org/security/issue/2009-08-12"
        },
        {
          "name": "ADV-2009-3315",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3315"
        },
        {
          "name": "57001",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/57001"
        },
        {
          "name": "JVNDB-2009-002207",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html"
        },
        {
          "name": "ADV-2009-2262",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2262"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2964",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2010-06-15-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
            },
            {
              "name": "FEDORA-2009-8822",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html"
            },
            {
              "name": "https://gna.org/forum/forum.php?forum_id=2146",
              "refsource": "CONFIRM",
              "url": "https://gna.org/forum/forum.php?forum_id=2146"
            },
            {
              "name": "ADV-2010-1481",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1481"
            },
            {
              "name": "http://download.gna.org/nasmail/nasmail-1.7.zip",
              "refsource": "CONFIRM",
              "url": "http://download.gna.org/nasmail/nasmail-1.7.zip"
            },
            {
              "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818",
              "refsource": "CONFIRM",
              "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818"
            },
            {
              "name": "JVN#30881447",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN30881447/index.html"
            },
            {
              "name": "34627",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34627"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818"
            },
            {
              "name": "DSA-2091",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2091"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=517312",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312"
            },
            {
              "name": "MDVSA-2009:222",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:222"
            },
            {
              "name": "http://support.apple.com/kb/HT4188",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4188"
            },
            {
              "name": "oval:org.mitre.oval:def:10668",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668"
            },
            {
              "name": "40220",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40220"
            },
            {
              "name": "60469",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/60469"
            },
            {
              "name": "squirrelmail-unspecified-csrf(52406)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52406"
            },
            {
              "name": "40964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40964"
            },
            {
              "name": "FEDORA-2009-8797",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html"
            },
            {
              "name": "ADV-2010-2080",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2080"
            },
            {
              "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818",
              "refsource": "CONFIRM",
              "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818"
            },
            {
              "name": "36196",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36196"
            },
            {
              "name": "37415",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37415"
            },
            {
              "name": "36363",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36363"
            },
            {
              "name": "http://www.squirrelmail.org/security/issue/2009-08-12",
              "refsource": "CONFIRM",
              "url": "http://www.squirrelmail.org/security/issue/2009-08-12"
            },
            {
              "name": "ADV-2009-3315",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3315"
            },
            {
              "name": "57001",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/57001"
            },
            {
              "name": "JVNDB-2009-002207",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html"
            },
            {
              "name": "ADV-2009-2262",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2262"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2964",
    "datePublished": "2009-08-25T17:00:00",
    "dateReserved": "2009-08-25T00:00:00",
    "dateUpdated": "2024-08-07T06:07:37.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2964\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-08-25T17:30:01.000\",\"lastModified\":\"2024-11-21T01:06:10.373\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados(CSRF) en SquirrelMail v1.4.19 y anteriores permite a atacantes remotos secuestrar la autenticacion de victimas inespecificas a traves de caracteristicas tales como \\\"enviar mensaje\\\" y \\\"cambiar preferencias\\\", relacionado con (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, y (17) src/vcard.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.19\",\"matchCriteriaId\":\"233C72FD-F76C-4192-8981-72757E4E093E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"565E131D-56A9-46AB-800D-12B097FE3B7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD41781D-1F7E-43A7-AD59-ADFE1D04D825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78650B7E-9638-46FF-9656-38E8DFE3FA93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C1E1172-9D9E-439E-BD4B-4EF372344F59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EBF40C5-6272-427C-97A1-3CE3B1D47B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB15C5DD-2D76-47ED-883C-D1901B96F391\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3E249ED-76DA-44B3-A3A7-788F4B1A19DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABD0A21F-CD80-4B01-B5D3-9B2281E4F143\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA516843-2A45-4705-9669-4B719F722192\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DA068C0-8067-4A94-9F74-0D1DACF9A9EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C059835E-8FD9-40DF-BA6F-7E313E49F511\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E28A825-56F4-4EC5-9D62-661C0F4B477F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"545CD944-7C64-49E3-A32E-3388B5F3ECF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A55A98B3-34ED-4A90-BB78-50CB56B1B51F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F7F3531-E0EE-48AA-BCB4-872BEB853531\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22E1FA6-7C9C-4D01-A645-CF41939C1988\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC5143ED-D4C5-4830-9C96-0B54D03679CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B765AEC-09E9-456C-8B57-09927E55D119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AAFC3B0-DCE3-4190-B279-E095C666FA34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9291A565-0BD6-4B5E-B45F-9DE65AB8159D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6F53A84-FC66-4963-A728-7285F63D4761\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69A941FF-423E-49C5-AE1F-FE7ED016CA3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.6-rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80FE1297-04B7-4F1D-B932-1015EE3070C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B34FDB1D-881B-4343-A76E-F23B93A0469A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"052914F8-B52C-4AB4-8F85-68D788B588C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"617C554F-8E7D-4F8A-AF63-C193934C8215\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15F11950-A2E4-4F57-BF87-57788B841A21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F886B99-E996-4BF7-9BE3-14A6713A997F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65801122-2E5D-4244-9D37-5483F5C731F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A29559D-0DB8-40C8-A6E6-4F37DDD27571\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"026730B8-3919-4100-8607-C640ADBDD662\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4D1297B-EE36-46E2-8722-34F385A54751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C179A3C-8C8C-429B-BACA-8ADAE4170465\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C3A6CFE-CFA4-4B48-9738-063A2B1025FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*\",\"matchCriteriaId\":\"2664D22F-B0E6-48AB-BBBA-C653C1AF77A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F6B4BA8-1379-44CF-B87D-9DA66B5F2484\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8F869F3-6D8D-4C95-95F7-5AE42C67362B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B96BB4F-12B0-460A-B5CC-8BA6D69911FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AD31177-05BB-4623-AED7-765DB7E44E47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20247A22-9AB9-4BCE-BF28-350B52FBC62D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB0ABD26-2EA3-4884-BA0B-FFB88177CFDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC479F3-6F3B-46CB-9D28-2DB7D76FDAE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EDC2C56-E977-452F-9263-541091356B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B743DEC2-1ED2-4CAC-87F4-4EFDF16159FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CCE37B1-932D-4A4A-B4CA-056E26D78659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79E6734C-EE1C-40B6-9759-15298707A6F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F66D66B1-992E-4EE0-A189-0974B96FE721\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"70484027-647C-47DF-85FD-3323F4685613\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6733B8C-5A9E-45CE-8938-F39A69EB0DC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B08E51F1-3764-4146-89C1-20B9B8EE1222\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F28456D-EA59-4900-AEAD-F8CB06F5129D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD4071B2-3D4F-4755-98B1-E28CEB05EA8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF6591E5-5F36-4663-85A6-9D870FD49FC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"03D847B0-DE1D-49D7-9ED4-30C0A82209AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D062B70A-E5FF-403B-8BD1-777D6462B7CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4CFD4D-EAC3-4325-A87F-9D5F4C513208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D58980B8-6D4B-4E90-8410-80FDD7CF15C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A884536-4D27-4350-B815-AB4E625879DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4429B95B-273A-45F3-A066-9AF548AC3FC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CD09187-16B2-4A0C-907C-40375E865EBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD89F143-EEBF-472D-9653-E7534F5799FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"796C453E-D59A-4988-BD91-24F31646D8FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A901766-B49B-4983-98AB-880B333C284B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9851AD9-5093-4482-A632-487C6D104C9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BA5BA42-F53A-4E0D-B04C-D70D2291E408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77776503-3258-400D-8404-233EAFA940AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABC24558-B7C1-4DE7-BC24-AF092DF0DE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"537E4C91-91F9-469B-BF7D-5B05624D637A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0986D113-C9F9-4645-8968-D165EC6B917D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3893B3D9-BAA3-4FCD-BC58-C4B664E688B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B85F80F3-DC0E-4228-9FA3-D870BC2200D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC5C975-D1EE-4248-9DA9-81C10E28B7F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8608AE1-7930-47CF-B2E8-9E86E2FB5A20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34EB1B08-4377-4496-A278-19616238900F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BF9DF8F-368B-44A0-9258-49298E41E0E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"442BF5C9-DC58-4A94-A634-33D6A4F3C6DD\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://download.gna.org/nasmail/nasmail-1.7.zip\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://jvn.jp/en/jp/JVN30881447/index.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/60469\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34627\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36363\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37415\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/40220\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/40964\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.apple.com/kb/HT4188\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2010/dsa-2091\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:222\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/57001\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/36196\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.squirrelmail.org/security/issue/2009-08-12\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2262\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3315\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1481\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2080\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=517312\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/52406\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://gna.org/forum/forum.php?forum_id=2146\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://download.gna.org/nasmail/nasmail-1.7.zip\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://jvn.jp/en/jp/JVN30881447/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/60469\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36363\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37415\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/40220\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/40964\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.apple.com/kb/HT4188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2010/dsa-2091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/57001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/36196\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.squirrelmail.org/security/issue/2009-08-12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2262\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3315\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1481\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2080\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=517312\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/52406\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://gna.org/forum/forum.php?forum_id=2146\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.