邮件头SquirrelMailHTML注入漏洞

admin
admin
admin
0
文章
0
评论
2022-07-22 12:43:32 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

邮件头SquirrelMailHTML注入漏洞

  • CNNVD编号:CNNVD-200408-022
  • 危害等级: 中危
  • CVE编号: CVE-2004-0639
  • 漏洞类型: 跨站脚本
  • 发布时间: 2004-08-06
  • 威胁类型: 远程
  • 更新时间: 2007-01-02
  • 厂        商: squirrelmail
  • 漏洞来源: Open Webmail

漏洞简介

Squirrelmail 1.2.10以及之前的版本存在多个跨站脚本攻击(XSS)漏洞。远程攻击者借助(1)read_body.php的$mailer变量,(2)mailbox_display.php的$senderNames_part变量,和可能包括(3)$event_title变量或(4)$event_text变量的其它向量注入任意HTML或脚本。

漏洞公告

Debian has released security advisory DSA 535-1 with fixes to address this issue. The vendor has released upgrades dealing with this issue. Conectiva has released a security advisory (CLA-2004:858) to address multiple issues in squirrelmail. Please see the referenced advisory for more information. SquirrelMail SquirrelMail 1.2 .0

  • SquirrelMail squirrelmail-1.4.3.tar.gz http://www.squirrelmail.org/download.php
SquirrelMail SquirrelMail 1.2.1
  • SquirrelMail squirrelmail-1.4.3.tar.gz http://www.squirrelmail.org/download.php
SquirrelMail SquirrelMail 1.2.2
  • SquirrelMail squirrelmail-1.4.3.tar.gz http://www.squirrelmail.org/download.php
SquirrelMail SquirrelMail 1.2.3
  • SquirrelMail squirrelmail-1.4.3.tar.gz http://www.squirrelmail.org/download.php
SquirrelMail SquirrelMail 1.2.4
  • SquirrelMail squirrelmail-1.4.3.tar.gz http://www.squirrelmail.org/download.php
SquirrelMail SquirrelMail 1.2.5
  • SquirrelMail squirrelmail-1.4.3.tar.gz http://www.squirrelmail.org/download.php
SquirrelMail SquirrelMail 1.2.6
  • Conectiva squirrelmail-1.4.3a-13677U90_1cl.noarch.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/squirrelmail-1.4.3a-13677U9 0_1cl.noarch.rpm
  • Conectiva squirrelmail-doc-1.4.3a-13677U90_1cl.noarch.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/squirrelmail-doc-1.4.3a-136 77U90_1cl.noarch.rpm
  • Debian squirrelmail_1.2.6-1.4_all.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelma il_1.2.6-1.4_all.deb
  • SquirrelMail squirrelmail-1.4.3.tar.gz http://www.squirrelmail.org/download.php

参考网址

来源: BID 名称: 10450 链接:http://www.securityfocus.com/bid/10450 来源: DEBIAN 名称: DSA-535 链接:http://www.debian.org/security/2004/dsa-535 来源: XF 名称: squirrelmail-from-header-xss(16285) 链接:http://xforce.iss.net/xforce/xfdb/16285 来源: www.rs-labs.com 链接:http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt 来源: BUGTRAQ 名称: 20040530 RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108611554415078&w=2 来源: CONECTIVA 名称: CLA-2004:858 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 来源: bugs.debian.org 链接:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973

受影响实体

  • Squirrelmail Squirrelmail:1.2.8  
  • Squirrelmail Squirrelmail:1.2.9  
  • Squirrelmail Squirrelmail:1.4  
  • Squirrelmail Squirrelmail:1.4.1  
  • Squirrelmail Squirrelmail:1.4.2  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
PHP 安全漏洞 CNNVD漏洞

PHP 安全漏洞

漏洞信息详情PHP 安全漏洞CNNVD编号:CNNVD-200408-020危害等级: 高危CVE编号:CVE-2004-0542漏洞类型:其他发布时间:2004-08-06威
07-220 评论
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0