FreeBSD Ports: Openwebmail Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt http://www.freebsd.org/ports/portaudit/89a0de27-bf66-11d8-a252-02e0185c0b53.html http://www.freebsd.org/ports/portaudit/911f1b19-bd20-11d8-84f9-000bdb1444a4.html http://www.freebsd.org/ports/portaudit/c3e56efa-c42f-11d8-864c-02e0185c0b53.html http://www.vuxml.org/freebsd/c5519420-cec2-11d8-8898-000d6111a684.html

Insight

The following packages are affected: openwebmail ilohamail CVE-2004-0519 Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

Severity

Classification

CVE CVE-2004-0519

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

FreeBSD Ports: bacula
FreeBSD Ports: bind96
FreeBSD Ports: asterisk10
FreeBSD Ports: bugzilla
FreeBSD Ports: bugzilla

FreeBSD Ports: openwebmail

Take action and discover your vulnerabilities