CVE-2010-1637 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Vendor	Product	Version
squirrelmail	squirrelmail	𝑥 ≤ 1.4.20
apple	mac_os_x	𝑥 < 10.6.8
apple	mac_os_x_server	𝑥 < 10.6.8
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_server	5.0
redhat	enterprise_linux_workstation	5.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

squirrelmail

lucid	Fixed 2:1.4.20-1ubuntu0.1 released
karmic	Fixed 2:1.4.19-1ubuntu0.2 released
jaunty	Fixed 2:1.4.15-4ubuntu0.4 released
hardy	Fixed 2:1.4.13-2ubuntu1.6 released
dapper	ignored

Common Weakness Enumeration

CWE-918 - Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References

http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html

http://rhn.redhat.com/errata/RHSA-2012-0103.html

http://secunia.com/advisories/40307

http://squirrelmail.org/security/issue/2010-06-21

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951

http://support.apple.com/kb/HT5130

http://www.mandriva.com/security/advisories?name=MDVSA-2010:120

http://www.openwall.com/lists/oss-security/2010/05/25/3

http://www.openwall.com/lists/oss-security/2010/05/25/9

http://www.openwall.com/lists/oss-security/2010/06/21/1

http://www.securityfocus.com/bid/40291

http://www.securityfocus.com/bid/40307

http://www.vupen.com/english/advisories/2010/1535

http://www.vupen.com/english/advisories/2010/1536

http://www.vupen.com/english/advisories/2010/1554

http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html

http://rhn.redhat.com/errata/RHSA-2012-0103.html

http://secunia.com/advisories/40307

http://squirrelmail.org/security/issue/2010-06-21

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951

http://support.apple.com/kb/HT5130

http://www.mandriva.com/security/advisories?name=MDVSA-2010:120

http://www.openwall.com/lists/oss-security/2010/05/25/3

http://www.openwall.com/lists/oss-security/2010/05/25/9

http://www.openwall.com/lists/oss-security/2010/06/21/1

http://www.securityfocus.com/bid/40291

http://www.securityfocus.com/bid/40307

http://www.vupen.com/english/advisories/2010/1535

http://www.vupen.com/english/advisories/2010/1536

http://www.vupen.com/english/advisories/2010/1554