CVE-2011-2753

Sažetak

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.

Reference

http://rhn.redhat.com/errata/RHSA-2012-0103.html
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119
http://www.debian.org/security/2011/dsa-2291
http://www.mandriva.com/security/advisories?name=MDVSA-2011:123
https://bugzilla.redhat.com/show_bug.cgi?id=720694
https://exchange.xforce.ibmcloud.com/vulnerabilities/68586

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:29

Objavljeno

17-07-2011 - 20:55