cvelistv5 - CVE-2009-2964

CVE-2009-2964

Vulnerability from cvelistv5

Published

2009-08-25 17:00

Modified

2024-08-07 06:07

Severity ?

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.

References

URL	Tags
cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818
cve@mitre.org	http://download.gna.org/nasmail/nasmail-1.7.zip
cve@mitre.org	http://jvn.jp/en/jp/JVN30881447/index.html
cve@mitre.org	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
cve@mitre.org	http://osvdb.org/60469
cve@mitre.org	http://secunia.com/advisories/34627	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/36363	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/37415
cve@mitre.org	http://secunia.com/advisories/40220
cve@mitre.org	http://secunia.com/advisories/40964
cve@mitre.org	http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818&view=markup&pathrev=13818	Patch
cve@mitre.org	http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13818	Patch
cve@mitre.org	http://support.apple.com/kb/HT4188
cve@mitre.org	http://www.debian.org/security/2010/dsa-2091
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:222
cve@mitre.org	http://www.osvdb.org/57001
cve@mitre.org	http://www.securityfocus.com/bid/36196
cve@mitre.org	http://www.squirrelmail.org/security/issue/2009-08-12	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2262	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3315
cve@mitre.org	http://www.vupen.com/english/advisories/2010/1481
cve@mitre.org	http://www.vupen.com/english/advisories/2010/2080
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=517312	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/52406
cve@mitre.org	https://gna.org/forum/forum.php?forum_id=2146
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:07:37.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-06-15-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
          },
          {
            "name": "FEDORA-2009-8822",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gna.org/forum/forum.php?forum_id=2146"
          },
          {
            "name": "ADV-2010-1481",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1481"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.gna.org/nasmail/nasmail-1.7.zip"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818"
          },
          {
            "name": "JVN#30881447",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN30881447/index.html"
          },
          {
            "name": "34627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34627"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818"
          },
          {
            "name": "DSA-2091",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2091"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312"
          },
          {
            "name": "MDVSA-2009:222",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:222"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4188"
          },
          {
            "name": "oval:org.mitre.oval:def:10668",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668"
          },
          {
            "name": "40220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40220"
          },
          {
            "name": "60469",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60469"
          },
          {
            "name": "squirrelmail-unspecified-csrf(52406)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52406"
          },
          {
            "name": "40964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40964"
          },
          {
            "name": "FEDORA-2009-8797",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html"
          },
          {
            "name": "ADV-2010-2080",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2080"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818"
          },
          {
            "name": "36196",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36196"
          },
          {
            "name": "37415",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37415"
          },
          {
            "name": "36363",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36363"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.squirrelmail.org/security/issue/2009-08-12"
          },
          {
            "name": "ADV-2009-3315",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3315"
          },
          {
            "name": "57001",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/57001"
          },
          {
            "name": "JVNDB-2009-002207",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html"
          },
          {
            "name": "ADV-2009-2262",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2262"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-06-15-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
        },
        {
          "name": "FEDORA-2009-8822",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gna.org/forum/forum.php?forum_id=2146"
        },
        {
          "name": "ADV-2010-1481",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1481"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.gna.org/nasmail/nasmail-1.7.zip"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818"
        },
        {
          "name": "JVN#30881447",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN30881447/index.html"
        },
        {
          "name": "34627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34627"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818"
        },
        {
          "name": "DSA-2091",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2091"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312"
        },
        {
          "name": "MDVSA-2009:222",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:222"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4188"
        },
        {
          "name": "oval:org.mitre.oval:def:10668",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668"
        },
        {
          "name": "40220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40220"
        },
        {
          "name": "60469",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60469"
        },
        {
          "name": "squirrelmail-unspecified-csrf(52406)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52406"
        },
        {
          "name": "40964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40964"
        },
        {
          "name": "FEDORA-2009-8797",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html"
        },
        {
          "name": "ADV-2010-2080",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2080"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818"
        },
        {
          "name": "36196",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36196"
        },
        {
          "name": "37415",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37415"
        },
        {
          "name": "36363",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36363"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.squirrelmail.org/security/issue/2009-08-12"
        },
        {
          "name": "ADV-2009-3315",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3315"
        },
        {
          "name": "57001",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/57001"
        },
        {
          "name": "JVNDB-2009-002207",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html"
        },
        {
          "name": "ADV-2009-2262",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2262"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2964",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2010-06-15-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
            },
            {
              "name": "FEDORA-2009-8822",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html"
            },
            {
              "name": "https://gna.org/forum/forum.php?forum_id=2146",
              "refsource": "CONFIRM",
              "url": "https://gna.org/forum/forum.php?forum_id=2146"
            },
            {
              "name": "ADV-2010-1481",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1481"
            },
            {
              "name": "http://download.gna.org/nasmail/nasmail-1.7.zip",
              "refsource": "CONFIRM",
              "url": "http://download.gna.org/nasmail/nasmail-1.7.zip"
            },
            {
              "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818",
              "refsource": "CONFIRM",
              "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818"
            },
            {
              "name": "JVN#30881447",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN30881447/index.html"
            },
            {
              "name": "34627",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34627"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818"
            },
            {
              "name": "DSA-2091",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2091"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=517312",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312"
            },
            {
              "name": "MDVSA-2009:222",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:222"
            },
            {
              "name": "http://support.apple.com/kb/HT4188",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4188"
            },
            {
              "name": "oval:org.mitre.oval:def:10668",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668"
            },
            {
              "name": "40220",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40220"
            },
            {
              "name": "60469",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/60469"
            },
            {
              "name": "squirrelmail-unspecified-csrf(52406)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52406"
            },
            {
              "name": "40964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40964"
            },
            {
              "name": "FEDORA-2009-8797",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html"
            },
            {
              "name": "ADV-2010-2080",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2080"
            },
            {
              "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818",
              "refsource": "CONFIRM",
              "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818"
            },
            {
              "name": "36196",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36196"
            },
            {
              "name": "37415",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37415"
            },
            {
              "name": "36363",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36363"
            },
            {
              "name": "http://www.squirrelmail.org/security/issue/2009-08-12",
              "refsource": "CONFIRM",
              "url": "http://www.squirrelmail.org/security/issue/2009-08-12"
            },
            {
              "name": "ADV-2009-3315",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3315"
            },
            {
              "name": "57001",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/57001"
            },
            {
              "name": "JVNDB-2009-002207",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html"
            },
            {
              "name": "ADV-2009-2262",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2262"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2964",
    "datePublished": "2009-08-25T17:00:00",
    "dateReserved": "2009-08-25T00:00:00",
    "dateUpdated": "2024-08-07T06:07:37.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2964\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-08-25T17:30:01.000\",\"lastModified\":\"2017-09-19T01:29:22.657\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados(CSRF) en SquirrelMail v1.4.19 y anteriores permite a atacantes remotos secuestrar la autenticacion de victimas inespecificas a traves de caracteristicas tales como \\\"enviar mensaje\\\" y \\\"cambiar preferencias\\\", relacionado con (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, y (17) src/vcard.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.19\",\"matchCriteriaId\":\"233C72FD-F76C-4192-8981-72757E4E093E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"565E131D-56A9-46AB-800D-12B097FE3B7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD41781D-1F7E-43A7-AD59-ADFE1D04D825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78650B7E-9638-46FF-9656-38E8DFE3FA93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C1E1172-9D9E-439E-BD4B-4EF372344F59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EBF40C5-6272-427C-97A1-3CE3B1D47B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB15C5DD-2D76-47ED-883C-D1901B96F391\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3E249ED-76DA-44B3-A3A7-788F4B1A19DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABD0A21F-CD80-4B01-B5D3-9B2281E4F143\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA516843-2A45-4705-9669-4B719F722192\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DA068C0-8067-4A94-9F74-0D1DACF9A9EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C059835E-8FD9-40DF-BA6F-7E313E49F511\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E28A825-56F4-4EC5-9D62-661C0F4B477F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"545CD944-7C64-49E3-A32E-3388B5F3ECF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A55A98B3-34ED-4A90-BB78-50CB56B1B51F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F7F3531-E0EE-48AA-BCB4-872BEB853531\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22E1FA6-7C9C-4D01-A645-CF41939C1988\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC5143ED-D4C5-4830-9C96-0B54D03679CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B765AEC-09E9-456C-8B57-09927E55D119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AAFC3B0-DCE3-4190-B279-E095C666FA34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9291A565-0BD6-4B5E-B45F-9DE65AB8159D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6F53A84-FC66-4963-A728-7285F63D4761\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69A941FF-423E-49C5-AE1F-FE7ED016CA3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.6-rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80FE1297-04B7-4F1D-B932-1015EE3070C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B34FDB1D-881B-4343-A76E-F23B93A0469A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"052914F8-B52C-4AB4-8F85-68D788B588C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"617C554F-8E7D-4F8A-AF63-C193934C8215\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15F11950-A2E4-4F57-BF87-57788B841A21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F886B99-E996-4BF7-9BE3-14A6713A997F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65801122-2E5D-4244-9D37-5483F5C731F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A29559D-0DB8-40C8-A6E6-4F37DDD27571\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"026730B8-3919-4100-8607-C640ADBDD662\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4D1297B-EE36-46E2-8722-34F385A54751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C179A3C-8C8C-429B-BACA-8ADAE4170465\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C3A6CFE-CFA4-4B48-9738-063A2B1025FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*\",\"matchCriteriaId\":\"2664D22F-B0E6-48AB-BBBA-C653C1AF77A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F6B4BA8-1379-44CF-B87D-9DA66B5F2484\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8F869F3-6D8D-4C95-95F7-5AE42C67362B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B96BB4F-12B0-460A-B5CC-8BA6D69911FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AD31177-05BB-4623-AED7-765DB7E44E47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20247A22-9AB9-4BCE-BF28-350B52FBC62D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB0ABD26-2EA3-4884-BA0B-FFB88177CFDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC479F3-6F3B-46CB-9D28-2DB7D76FDAE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EDC2C56-E977-452F-9263-541091356B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B743DEC2-1ED2-4CAC-87F4-4EFDF16159FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CCE37B1-932D-4A4A-B4CA-056E26D78659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79E6734C-EE1C-40B6-9759-15298707A6F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F66D66B1-992E-4EE0-A189-0974B96FE721\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"70484027-647C-47DF-85FD-3323F4685613\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6733B8C-5A9E-45CE-8938-F39A69EB0DC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B08E51F1-3764-4146-89C1-20B9B8EE1222\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F28456D-EA59-4900-AEAD-F8CB06F5129D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD4071B2-3D4F-4755-98B1-E28CEB05EA8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF6591E5-5F36-4663-85A6-9D870FD49FC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"03D847B0-DE1D-49D7-9ED4-30C0A82209AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D062B70A-E5FF-403B-8BD1-777D6462B7CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4CFD4D-EAC3-4325-A87F-9D5F4C513208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D58980B8-6D4B-4E90-8410-80FDD7CF15C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A884536-4D27-4350-B815-AB4E625879DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4429B95B-273A-45F3-A066-9AF548AC3FC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CD09187-16B2-4A0C-907C-40375E865EBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD89F143-EEBF-472D-9653-E7534F5799FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"796C453E-D59A-4988-BD91-24F31646D8FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A901766-B49B-4983-98AB-880B333C284B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9851AD9-5093-4482-A632-487C6D104C9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BA5BA42-F53A-4E0D-B04C-D70D2291E408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77776503-3258-400D-8404-233EAFA940AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABC24558-B7C1-4DE7-BC24-AF092DF0DE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"537E4C91-91F9-469B-BF7D-5B05624D637A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0986D113-C9F9-4645-8968-D165EC6B917D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3893B3D9-BAA3-4FCD-BC58-C4B664E688B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B85F80F3-DC0E-4228-9FA3-D870BC2200D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC5C975-D1EE-4248-9DA9-81C10E28B7F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8608AE1-7930-47CF-B2E8-9E86E2FB5A20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34EB1B08-4377-4496-A278-19616238900F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BF9DF8F-368B-44A0-9258-49298E41E0E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"442BF5C9-DC58-4A94-A634-33D6A4F3C6DD\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://download.gna.org/nasmail/nasmail-1.7.zip\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://jvn.jp/en/jp/JVN30881447/index.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/60469\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34627\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36363\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37415\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/40220\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/40964\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.apple.com/kb/HT4188\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2010/dsa-2091\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:222\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/57001\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/36196\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.squirrelmail.org/security/issue/2009-08-12\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2262\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3315\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1481\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2080\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=517312\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/52406\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://gna.org/forum/forum.php?forum_id=2146\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

ghsa-jj6p-27w9-hh6m

Vulnerability from github

Published

2022-05-02 03:40

Modified

2022-05-02 03:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2964"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-08-25T17:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.",
  "id": "GHSA-jj6p-27w9-hh6m",
  "modified": "2022-05-02T03:40:28Z",
  "published": "2022-05-02T03:40:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2964"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52406"
    },
    {
      "type": "WEB",
      "url": "https://gna.org/forum/forum.php?forum_id=2146"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818"
    },
    {
      "type": "WEB",
      "url": "http://download.gna.org/nasmail/nasmail-1.7.zip"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN30881447/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/60469"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34627"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36363"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37415"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40220"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40964"
    },
    {
      "type": "WEB",
      "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818"
    },
    {
      "type": "WEB",
      "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4188"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2091"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:222"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/57001"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36196"
    },
    {
      "type": "WEB",
      "url": "http://www.squirrelmail.org/security/issue/2009-08-12"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2262"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3315"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1481"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2080"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

rhsa-2009_1490

Vulnerability from csaf_redhat

Published

2009-10-08 20:12

Modified

2024-11-22 03:00

Summary

Red Hat Security Advisory: squirrelmail security update

Notes

Topic

An updated squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

SquirrelMail is a standards-based webmail package written in PHP. Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. (CVE-2009-2964) Users of SquirrelMail should upgrade to this updated package, which contains a backported patch to correct these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated squirrelmail package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "SquirrelMail is a standards-based webmail package written in PHP.\n\nForm submissions in SquirrelMail did not implement protection against\nCross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a\nuser into visiting a malicious web page, the attacker could hijack that\nuser\u0027s authentication, inject malicious content into that user\u0027s\npreferences, or possibly send mail without that user\u0027s permission.\n(CVE-2009-2964)\n\nUsers of SquirrelMail should upgrade to this updated package, which\ncontains a backported patch to correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1490",
        "url": "https://access.redhat.com/errata/RHSA-2009:1490"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://www.squirrelmail.org/security/issue/2009-08-12",
        "url": "http://www.squirrelmail.org/security/issue/2009-08-12"
      },
      {
        "category": "external",
        "summary": "517312",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1490.json"
      }
    ],
    "title": "Red Hat Security Advisory: squirrelmail security update",
    "tracking": {
      "current_release_date": "2024-11-22T03:00:54+00:00",
      "generator": {
        "date": "2024-11-22T03:00:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2009:1490",
      "initial_release_date": "2009-10-08T20:12:00+00:00",
      "revision_history": [
        {
          "date": "2009-10-08T20:12:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-10-08T16:17:15+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T03:00:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3",
                  "product_id": "3AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3",
                "product": {
                  "name": "Red Hat Desktop version 3",
                  "product_id": "3Desktop",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3",
                  "product_id": "3ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3",
                  "product_id": "3WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4",
                  "product_id": "4AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop version 4",
                  "product_id": "4Desktop",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4",
                  "product_id": "4ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4",
                  "product_id": "4WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                  "product_id": "5Client-Workstation",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squirrelmail-0:1.4.8-16.el3.src",
                "product": {
                  "name": "squirrelmail-0:1.4.8-16.el3.src",
                  "product_id": "squirrelmail-0:1.4.8-16.el3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squirrelmail@1.4.8-16.el3?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squirrelmail-0:1.4.8-5.el4_8.8.src",
                "product": {
                  "name": "squirrelmail-0:1.4.8-5.el4_8.8.src",
                  "product_id": "squirrelmail-0:1.4.8-5.el4_8.8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squirrelmail@1.4.8-5.el4_8.8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squirrelmail-0:1.4.8-5.el5_4.10.src",
                "product": {
                  "name": "squirrelmail-0:1.4.8-5.el5_4.10.src",
                  "product_id": "squirrelmail-0:1.4.8-5.el5_4.10.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squirrelmail@1.4.8-5.el5_4.10?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squirrelmail-0:1.4.8-16.el3.noarch",
                "product": {
                  "name": "squirrelmail-0:1.4.8-16.el3.noarch",
                  "product_id": "squirrelmail-0:1.4.8-16.el3.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squirrelmail@1.4.8-16.el3?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squirrelmail-0:1.4.8-5.el4_8.8.noarch",
                "product": {
                  "name": "squirrelmail-0:1.4.8-5.el4_8.8.noarch",
                  "product_id": "squirrelmail-0:1.4.8-5.el4_8.8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squirrelmail@1.4.8-5.el4_8.8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squirrelmail-0:1.4.8-5.el5_4.10.noarch",
                "product": {
                  "name": "squirrelmail-0:1.4.8-5.el5_4.10.noarch",
                  "product_id": "squirrelmail-0:1.4.8-5.el5_4.10.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squirrelmail@1.4.8-5.el5_4.10?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-16.el3.noarch as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:squirrelmail-0:1.4.8-16.el3.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-16.el3.noarch",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-16.el3.src as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:squirrelmail-0:1.4.8-16.el3.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-16.el3.src",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-16.el3.noarch as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:squirrelmail-0:1.4.8-16.el3.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-16.el3.noarch",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-16.el3.src as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:squirrelmail-0:1.4.8-16.el3.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-16.el3.src",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-16.el3.noarch as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:squirrelmail-0:1.4.8-16.el3.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-16.el3.noarch",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-16.el3.src as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:squirrelmail-0:1.4.8-16.el3.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-16.el3.src",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-16.el3.noarch as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:squirrelmail-0:1.4.8-16.el3.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-16.el3.noarch",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-16.el3.src as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:squirrelmail-0:1.4.8-16.el3.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-16.el3.src",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-5.el4_8.8.noarch as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:squirrelmail-0:1.4.8-5.el4_8.8.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-5.el4_8.8.noarch",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-5.el4_8.8.src as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:squirrelmail-0:1.4.8-5.el4_8.8.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-5.el4_8.8.src",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-5.el4_8.8.noarch as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:squirrelmail-0:1.4.8-5.el4_8.8.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-5.el4_8.8.noarch",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-5.el4_8.8.src as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:squirrelmail-0:1.4.8-5.el4_8.8.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-5.el4_8.8.src",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-5.el4_8.8.noarch as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:squirrelmail-0:1.4.8-5.el4_8.8.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-5.el4_8.8.noarch",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-5.el4_8.8.src as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:squirrelmail-0:1.4.8-5.el4_8.8.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-5.el4_8.8.src",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-5.el4_8.8.noarch as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:squirrelmail-0:1.4.8-5.el4_8.8.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-5.el4_8.8.noarch",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-5.el4_8.8.src as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:squirrelmail-0:1.4.8-5.el4_8.8.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-5.el4_8.8.src",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-5.el5_4.10.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:squirrelmail-0:1.4.8-5.el5_4.10.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-5.el5_4.10.noarch",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-5.el5_4.10.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:squirrelmail-0:1.4.8-5.el5_4.10.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-5.el5_4.10.src",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-5.el5_4.10.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:squirrelmail-0:1.4.8-5.el5_4.10.noarch"
        },
        "product_reference": "squirrelmail-0:1.4.8-5.el5_4.10.noarch",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squirrelmail-0:1.4.8-5.el5_4.10.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:squirrelmail-0:1.4.8-5.el5_4.10.src"
        },
        "product_reference": "squirrelmail-0:1.4.8-5.el5_4.10.src",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-2964",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "discovery_date": "2009-08-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "517312"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "squirrelmail: CSRF issues in all forms",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS:squirrelmail-0:1.4.8-16.el3.noarch",
          "3AS:squirrelmail-0:1.4.8-16.el3.src",
          "3Desktop:squirrelmail-0:1.4.8-16.el3.noarch",
          "3Desktop:squirrelmail-0:1.4.8-16.el3.src",
          "3ES:squirrelmail-0:1.4.8-16.el3.noarch",
          "3ES:squirrelmail-0:1.4.8-16.el3.src",
          "3WS:squirrelmail-0:1.4.8-16.el3.noarch",
          "3WS:squirrelmail-0:1.4.8-16.el3.src",
          "4AS:squirrelmail-0:1.4.8-5.el4_8.8.noarch",
          "4AS:squirrelmail-0:1.4.8-5.el4_8.8.src",
          "4Desktop:squirrelmail-0:1.4.8-5.el4_8.8.noarch",
          "4Desktop:squirrelmail-0:1.4.8-5.el4_8.8.src",
          "4ES:squirrelmail-0:1.4.8-5.el4_8.8.noarch",
          "4ES:squirrelmail-0:1.4.8-5.el4_8.8.src",
          "4WS:squirrelmail-0:1.4.8-5.el4_8.8.noarch",
          "4WS:squirrelmail-0:1.4.8-5.el4_8.8.src",
          "5Client-Workstation:squirrelmail-0:1.4.8-5.el5_4.10.noarch",
          "5Client-Workstation:squirrelmail-0:1.4.8-5.el5_4.10.src",
          "5Server:squirrelmail-0:1.4.8-5.el5_4.10.noarch",
          "5Server:squirrelmail-0:1.4.8-5.el5_4.10.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-2964"
        },
        {
          "category": "external",
          "summary": "RHBZ#517312",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2964",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-2964"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2964",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2964"
        }
      ],
      "release_date": "2009-08-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-10-08T20:12:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS:squirrelmail-0:1.4.8-16.el3.noarch",
            "3AS:squirrelmail-0:1.4.8-16.el3.src",
            "3Desktop:squirrelmail-0:1.4.8-16.el3.noarch",
            "3Desktop:squirrelmail-0:1.4.8-16.el3.src",
            "3ES:squirrelmail-0:1.4.8-16.el3.noarch",
            "3ES:squirrelmail-0:1.4.8-16.el3.src",
            "3WS:squirrelmail-0:1.4.8-16.el3.noarch",
            "3WS:squirrelmail-0:1.4.8-16.el3.src",
            "4AS:squirrelmail-0:1.4.8-5.el4_8.8.noarch",
            "4AS:squirrelmail-0:1.4.8-5.el4_8.8.src",
            "4Desktop:squirrelmail-0:1.4.8-5.el4_8.8.noarch",
            "4Desktop:squirrelmail-0:1.4.8-5.el4_8.8.src",
            "4ES:squirrelmail-0:1.4.8-5.el4_8.8.noarch",
            "4ES:squirrelmail-0:1.4.8-5.el4_8.8.src",
            "4WS:squirrelmail-0:1.4.8-5.el4_8.8.noarch",
            "4WS:squirrelmail-0:1.4.8-5.el4_8.8.src",
            "5Client-Workstation:squirrelmail-0:1.4.8-5.el5_4.10.noarch",
            "5Client-Workstation:squirrelmail-0:1.4.8-5.el5_4.10.src",
            "5Server:squirrelmail-0:1.4.8-5.el5_4.10.noarch",
            "5Server:squirrelmail-0:1.4.8-5.el5_4.10.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1490"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "3AS:squirrelmail-0:1.4.8-16.el3.noarch",
            "3AS:squirrelmail-0:1.4.8-16.el3.src",
            "3Desktop:squirrelmail-0:1.4.8-16.el3.noarch",
            "3Desktop:squirrelmail-0:1.4.8-16.el3.src",
            "3ES:squirrelmail-0:1.4.8-16.el3.noarch",
            "3ES:squirrelmail-0:1.4.8-16.el3.src",
            "3WS:squirrelmail-0:1.4.8-16.el3.noarch",
            "3WS:squirrelmail-0:1.4.8-16.el3.src",
            "4AS:squirrelmail-0:1.4.8-5.el4_8.8.noarch",
            "4AS:squirrelmail-0:1.4.8-5.el4_8.8.src",
            "4Desktop:squirrelmail-0:1.4.8-5.el4_8.8.noarch",
            "4Desktop:squirrelmail-0:1.4.8-5.el4_8.8.src",
            "4ES:squirrelmail-0:1.4.8-5.el4_8.8.noarch",
            "4ES:squirrelmail-0:1.4.8-5.el4_8.8.src",
            "4WS:squirrelmail-0:1.4.8-5.el4_8.8.noarch",
            "4WS:squirrelmail-0:1.4.8-5.el4_8.8.src",
            "5Client-Workstation:squirrelmail-0:1.4.8-5.el5_4.10.noarch",
            "5Client-Workstation:squirrelmail-0:1.4.8-5.el5_4.10.src",
            "5Server:squirrelmail-0:1.4.8-5.el5_4.10.noarch",
            "5Server:squirrelmail-0:1.4.8-5.el5_4.10.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "squirrelmail: CSRF issues in all forms"
    }
  ]
}

gsd-2009-2964

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-2964

Aliases

CVE-2009-2964

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2964",
    "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.",
    "id": "GSD-2009-2964",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-2964.html",
      "https://www.debian.org/security/2010/dsa-2091",
      "https://access.redhat.com/errata/RHSA-2009:1490",
      "https://linux.oracle.com/cve/CVE-2009-2964.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2964"
      ],
      "details": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.",
      "id": "GSD-2009-2964",
      "modified": "2023-12-13T01:19:46.458451Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-2964",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2010-06-15-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
          },
          {
            "name": "FEDORA-2009-8822",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html"
          },
          {
            "name": "https://gna.org/forum/forum.php?forum_id=2146",
            "refsource": "CONFIRM",
            "url": "https://gna.org/forum/forum.php?forum_id=2146"
          },
          {
            "name": "ADV-2010-1481",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/1481"
          },
          {
            "name": "http://download.gna.org/nasmail/nasmail-1.7.zip",
            "refsource": "CONFIRM",
            "url": "http://download.gna.org/nasmail/nasmail-1.7.zip"
          },
          {
            "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818",
            "refsource": "CONFIRM",
            "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818"
          },
          {
            "name": "JVN#30881447",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN30881447/index.html"
          },
          {
            "name": "34627",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34627"
          },
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818",
            "refsource": "CONFIRM",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818"
          },
          {
            "name": "DSA-2091",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2010/dsa-2091"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=517312",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312"
          },
          {
            "name": "MDVSA-2009:222",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:222"
          },
          {
            "name": "http://support.apple.com/kb/HT4188",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4188"
          },
          {
            "name": "oval:org.mitre.oval:def:10668",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668"
          },
          {
            "name": "40220",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/40220"
          },
          {
            "name": "60469",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/60469"
          },
          {
            "name": "squirrelmail-unspecified-csrf(52406)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52406"
          },
          {
            "name": "40964",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/40964"
          },
          {
            "name": "FEDORA-2009-8797",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html"
          },
          {
            "name": "ADV-2010-2080",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/2080"
          },
          {
            "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818",
            "refsource": "CONFIRM",
            "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818"
          },
          {
            "name": "36196",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36196"
          },
          {
            "name": "37415",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37415"
          },
          {
            "name": "36363",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36363"
          },
          {
            "name": "http://www.squirrelmail.org/security/issue/2009-08-12",
            "refsource": "CONFIRM",
            "url": "http://www.squirrelmail.org/security/issue/2009-08-12"
          },
          {
            "name": "ADV-2009-3315",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3315"
          },
          {
            "name": "57001",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/57001"
          },
          {
            "name": "JVNDB-2009-002207",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html"
          },
          {
            "name": "ADV-2009-2262",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2262"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.4.19",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6-rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2964"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818"
            },
            {
              "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818"
            },
            {
              "name": "FEDORA-2009-8822",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html"
            },
            {
              "name": "http://www.squirrelmail.org/security/issue/2009-08-12",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.squirrelmail.org/security/issue/2009-08-12"
            },
            {
              "name": "FEDORA-2009-8797",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html"
            },
            {
              "name": "ADV-2009-2262",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2262"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=517312",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312"
            },
            {
              "name": "57001",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/57001"
            },
            {
              "name": "36363",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36363"
            },
            {
              "name": "34627",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34627"
            },
            {
              "name": "MDVSA-2009:222",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:222"
            },
            {
              "name": "36196",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36196"
            },
            {
              "name": "37415",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37415"
            },
            {
              "name": "ADV-2009-3315",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/3315"
            },
            {
              "name": "60469",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/60469"
            },
            {
              "name": "https://gna.org/forum/forum.php?forum_id=2146",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://gna.org/forum/forum.php?forum_id=2146"
            },
            {
              "name": "http://download.gna.org/nasmail/nasmail-1.7.zip",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://download.gna.org/nasmail/nasmail-1.7.zip"
            },
            {
              "name": "APPLE-SA-2010-06-15-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
            },
            {
              "name": "40220",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/40220"
            },
            {
              "name": "ADV-2010-1481",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/1481"
            },
            {
              "name": "http://support.apple.com/kb/HT4188",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4188"
            },
            {
              "name": "ADV-2010-2080",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/2080"
            },
            {
              "name": "DSA-2091",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2010/dsa-2091"
            },
            {
              "name": "40964",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/40964"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818"
            },
            {
              "name": "JVNDB-2009-002207",
              "refsource": "JVNDB",
              "tags": [],
              "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html"
            },
            {
              "name": "JVN#30881447",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN30881447/index.html"
            },
            {
              "name": "squirrelmail-unspecified-csrf(52406)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52406"
            },
            {
              "name": "oval:org.mitre.oval:def:10668",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-19T01:29Z",
      "publishedDate": "2009-08-25T17:30Z"
    }
  }
}

CVE-2009-2964

Vulnerability from jvndb

Published

2011-01-07 14:40

Modified

2011-01-07 14:40

Severity ?

() - -

Summary

SquirrelMail vulnerable to cross-site request forgery

Details

SquirrelMail contains a cross-site request forgery vulnerability. SquirrelMail from SquirrelMail Project is an open source webmail (web-based email). SquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN30881447/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2964
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2964
	SECUNIA	http://secunia.com/advisories/34627
	BID	http://www.securityfocus.com/bid/36196
	XF	http://xforce.iss.net/xforce/xfdb/52406
	VUPEN	http://www.vupen.com/english/advisories/2009/2262
	OSVDB	http://www.osvdb.org/57001
	Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	SquirrelMail Project	SquirrelMail
	Apple Inc.	Apple Mac OS X
	Apple Inc.	Apple Mac OS X Server
	Cybertrust Japan Co., Ltd.	Asianux Server
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Enterprise Linux Desktop
	Red Hat, Inc.	Red Hat Enterprise Linux EUS
	Red Hat, Inc.	RHEL Desktop Workstation

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002207.html",
  "dc:date": "2011-01-07T14:40+09:00",
  "dcterms:issued": "2011-01-07T14:40+09:00",
  "dcterms:modified": "2011-01-07T14:40+09:00",
  "description": "SquirrelMail contains a cross-site request forgery vulnerability.\r\n\r\nSquirrelMail from SquirrelMail Project is an open source webmail (web-based email).\r\nSquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery.\r\n\r\nDaiki Fukumori reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002207.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:squirrelmail:squirrelmail",
      "@product": "SquirrelMail",
      "@vendor": "SquirrelMail Project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_eus",
      "@product": "Red Hat Enterprise Linux EUS",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-002207",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN30881447/index.html",
      "@id": "JVN#30881447",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2964",
      "@id": "CVE-2009-2964",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2964",
      "@id": "CVE-2009-2964",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/34627",
      "@id": "SA34627",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/36196",
      "@id": "36196",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/52406",
      "@id": "52406",
      "@source": "XF"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2009/2262",
      "@id": "VUPEN/ADV-2009-2262",
      "@source": "VUPEN"
    },
    {
      "#text": "http://www.osvdb.org/57001",
      "@id": "57001",
      "@source": "OSVDB"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "SquirrelMail vulnerable to cross-site request forgery"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-2964

Vulnerability from cvelistv5

ghsa-jj6p-27w9-hh6m

Vulnerability from github

rhsa-2009_1490

Vulnerability from csaf_redhat

gsd-2009-2964

Vulnerability from gsd

CVE-2009-2964

Vulnerability from jvndb

Tags

Sightings

Nomenclature