SquirrelMail Redirect.PHP Cookie Theft Vulnerability
BID:17005
CVE-2006-3665 |Info
SquirrelMail Redirect.PHP Cookie Theft Vulnerability
| Bugtraq ID: | 17005 |
| Class: | Unknown |
| CVE: |
CVE-2005-3128 CVE-2006-3665 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2006 12:00AM |
| Updated: | Jul 05 2016 09:38PM |
| Credit: | The vendor reported this vulnerability. |
| Vulnerable: |
SquirrelMail SquirrelMail 1.4.8 SquirrelMail SquirrelMail 1.4.6 -rc1 SquirrelMail SquirrelMail 1.4.6 -cvs SquirrelMail SquirrelMail 1.4.6 SquirrelMail SquirrelMail 1.4.5 SquirrelMail SquirrelMail 1.4.4 RC1 SquirrelMail SquirrelMail 1.4.4 SquirrelMail SquirrelMail 1.4.3 RC1 SquirrelMail SquirrelMail 1.4.3 r3 SquirrelMail SquirrelMail 1.4.3 a SquirrelMail SquirrelMail 1.4.3 SquirrelMail SquirrelMail 1.4.2 SquirrelMail SquirrelMail 1.4.1 SquirrelMail SquirrelMail 1.4 RC1 SquirrelMail SquirrelMail 1.4 |
| Not Vulnerable: |
SquirrelMail SquirrelMail 1.4.7 |
Discussion
SquirrelMail Redirect.PHP Cookie Theft Vulnerability
SquirrelMail is prone to a cookie-theft vulnerability.
An attacker may leverage this issue to steal cookie-based authentication credentials and potentially carry out other attacks.
SquirrelMail is prone to a cookie-theft vulnerability.
An attacker may leverage this issue to steal cookie-based authentication credentials and potentially carry out other attacks.
Exploit / POC
SquirrelMail Redirect.PHP Cookie Theft Vulnerability
An exploit is likely not required.
An exploit is likely not required.
Solution / Fix
SquirrelMail Redirect.PHP Cookie Theft Vulnerability
Solution:
The vendor has released version 1.47 -cvs to address this issue. The CVS fix is available from the vendor's web site.
Solution:
The vendor has released version 1.47 -cvs to address this issue. The CVS fix is available from the vendor's web site.
References
SquirrelMail Redirect.PHP Cookie Theft Vulnerability
References:
References:
- SquirrelMail Changelog (SquirrelMail)
- XMB Homepage (XMB)