rhsa-2007_0022
Vulnerability from csaf_redhat
Published
2007-01-31 17:13
Modified
2024-11-22 00:45
Summary
Red Hat Security Advisory: squirrelmail security update

Notes

Topic
A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3 and 4.
Details
SquirrelMail is a standards-based webmail package written in PHP. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary Javascript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL. (CVE-2006-6142) Users of SquirrelMail should upgrade to this erratum package, which contains a backported patch to correct these issues. Notes: - After installing this update, users are advised to restart their httpd service to ensure that the updated version functions correctly. - config.php should NOT be modified, please modify config_local.php instead. - Known Bug: The configuration generator may potentially produce bad options that interfere with the operation of this application. Applying specific config changes to config_local.php manually is recommended.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new squirrelmail package that fixes security issues is now available for\nRed Hat Enterprise Linux 3 and 4.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "SquirrelMail is a standards-based webmail package written in PHP.\n\nSeveral cross-site scripting bugs were discovered in SquirrelMail.  An\nattacker could inject arbitrary Javascript or HTML content into\nSquirrelMail pages by tricking a user into visiting a carefully crafted\nURL.  (CVE-2006-6142) \n\nUsers of SquirrelMail should upgrade to this erratum package, which\ncontains a backported patch to correct these issues. \n\nNotes:\n- After installing this update, users are advised to restart their\nhttpd service to ensure that the updated version functions correctly.\n- config.php should NOT be modified, please modify config_local.php instead.\n- Known Bug: The configuration generator may potentially produce bad\noptions that interfere with the operation of this application.  Applying\nspecific config changes to config_local.php manually is recommended.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0022",
        "url": "https://access.redhat.com/errata/RHSA-2007:0022"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "218294",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=218294"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0022.json"
      }
    ],
    "title": "Red Hat Security Advisory: squirrelmail security update",
    "tracking": {
      "current_release_date": "2024-11-22T00:45:19+00:00",
      "generator": {
        "date": "2024-11-22T00:45:19+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2007:0022",
      "initial_release_date": "2007-01-31T17:13:00+00:00",
      "revision_history": [
        {
          "date": "2007-01-31T17:13:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-01-31T12:13:25+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T00:45:19+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4",
                  "product_id": "4AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop version 4",
                  "product_id": "4Desktop",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4",
                  "product_id": "4ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4",
                  "product_id": "4WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3",
                  "product_id": "3AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3",
                "product": {
                  "name": "Red Hat Desktop version 3",
                  "product_id": "3Desktop",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3",
                  "product_id": "3ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3",
                  "product_id": "3WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squirrelmail-0:1.4.8-4.el4.src",
                "product": {
                  "name": "squirrelmail-0:1.4.8-4.el4.src",
                  "product_id": "squirrelmail-0:1.4.8-4.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squirrelmail@1.4.8-4.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squirrelmail-0:1.4.8-4.el3.src",
                "product": {
                  "name": "squirrelmail-0:1.4.8-4.el3.src",
                  "product_id": "squirrelmail-0:1.4.8-4.el3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squirrelmail@1.4.8-4.el3?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squirrelmail-0:1.4.8-4.el4.noarch",
                "product": {
                  "name": "squirrelmail-0:1.4.8-4.el4.noarch",
                  "product_id": "squirrelmail-0:1.4.8-4.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squirrelmail@1.4.8-4.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squirrelmail-0:1.4.8-4.el3.noarch",
                "product": {
                  "name": "squirrelmail-0:1.4.8-4.el3.noarch",
                  "product_id": "squirrelmail-0:1.4.8-4.el3.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squirrelmail@1.4.8-4.el3?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el3.noarch as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:squirrelmail-0:1.4.8-4.el3.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el3.noarch",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el3.src as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:squirrelmail-0:1.4.8-4.el3.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el3.src",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el3.noarch as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:squirrelmail-0:1.4.8-4.el3.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el3.noarch",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el3.src as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:squirrelmail-0:1.4.8-4.el3.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el3.src",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el3.noarch as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:squirrelmail-0:1.4.8-4.el3.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el3.noarch",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el3.src as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:squirrelmail-0:1.4.8-4.el3.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el3.src",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el3.noarch as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:squirrelmail-0:1.4.8-4.el3.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el3.noarch",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el3.src as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:squirrelmail-0:1.4.8-4.el3.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el3.src",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el4.noarch as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:squirrelmail-0:1.4.8-4.el4.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el4.noarch",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el4.src as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:squirrelmail-0:1.4.8-4.el4.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el4.src",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el4.noarch as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:squirrelmail-0:1.4.8-4.el4.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el4.noarch",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el4.src as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:squirrelmail-0:1.4.8-4.el4.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el4.src",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el4.noarch as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:squirrelmail-0:1.4.8-4.el4.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el4.noarch",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el4.src as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:squirrelmail-0:1.4.8-4.el4.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el4.src",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el4.noarch as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:squirrelmail-0:1.4.8-4.el4.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el4.noarch",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-4.el4.src as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:squirrelmail-0:1.4.8-4.el4.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-4.el4.src",
        "relates_to_product_reference": "4WS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-6142",
      "discovery_date": "2006-12-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "218297"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Three XSS issues in SquirrelMail",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS:squirrelmail-0:1.4.8-4.el3.noarch",
          "3AS:squirrelmail-0:1.4.8-4.el3.src",
          "3Desktop:squirrelmail-0:1.4.8-4.el3.noarch",
          "3Desktop:squirrelmail-0:1.4.8-4.el3.src",
          "3ES:squirrelmail-0:1.4.8-4.el3.noarch",
          "3ES:squirrelmail-0:1.4.8-4.el3.src",
          "3WS:squirrelmail-0:1.4.8-4.el3.noarch",
          "3WS:squirrelmail-0:1.4.8-4.el3.src",
          "4AS:squirrelmail-0:1.4.8-4.el4.noarch",
          "4AS:squirrelmail-0:1.4.8-4.el4.src",
          "4Desktop:squirrelmail-0:1.4.8-4.el4.noarch",
          "4Desktop:squirrelmail-0:1.4.8-4.el4.src",
          "4ES:squirrelmail-0:1.4.8-4.el4.noarch",
          "4ES:squirrelmail-0:1.4.8-4.el4.src",
          "4WS:squirrelmail-0:1.4.8-4.el4.noarch",
          "4WS:squirrelmail-0:1.4.8-4.el4.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-6142"
        },
        {
          "category": "external",
          "summary": "RHBZ#218297",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=218297"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-6142",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-6142"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-6142",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6142"
        }
      ],
      "release_date": "2006-12-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-01-31T17:13:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "3AS:squirrelmail-0:1.4.8-4.el3.noarch",
            "3AS:squirrelmail-0:1.4.8-4.el3.src",
            "3Desktop:squirrelmail-0:1.4.8-4.el3.noarch",
            "3Desktop:squirrelmail-0:1.4.8-4.el3.src",
            "3ES:squirrelmail-0:1.4.8-4.el3.noarch",
            "3ES:squirrelmail-0:1.4.8-4.el3.src",
            "3WS:squirrelmail-0:1.4.8-4.el3.noarch",
            "3WS:squirrelmail-0:1.4.8-4.el3.src",
            "4AS:squirrelmail-0:1.4.8-4.el4.noarch",
            "4AS:squirrelmail-0:1.4.8-4.el4.src",
            "4Desktop:squirrelmail-0:1.4.8-4.el4.noarch",
            "4Desktop:squirrelmail-0:1.4.8-4.el4.src",
            "4ES:squirrelmail-0:1.4.8-4.el4.noarch",
            "4ES:squirrelmail-0:1.4.8-4.el4.src",
            "4WS:squirrelmail-0:1.4.8-4.el4.noarch",
            "4WS:squirrelmail-0:1.4.8-4.el4.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0022"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Three XSS issues in SquirrelMail"
    }
  ]
}

