Summary
The target is running at least one instance of SquirrelMail whose version number suggests it is vulnerable to one or more cross-site scripting vulnerabilities :
- Insufficient escaping of integer variables in webmail.php allows a remote attacker to include HTML / script into a SquirrelMail webpage (affects 1.4.0-RC1 - 1.4.4-RC1).
- Insufficient checking of incoming URL vars in webmail.php allows an attacker to include arbitrary remote web pages in the SquirrelMail frameset (affects 1.4.0-RC1 - 1.4.4-RC1).
- A recent change in prefs.php allows an attacker to provide a specially crafted URL that could include local code into the SquirrelMail code if and only if PHP's register_globals setting is enabled (affects 1.4.3-RC1 - 1.4.4-RC1).
***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number of Squirrelmail ***** installed there.
Solution
Upgrade to SquirrelMail 1.4.4 or later.
Severity
Classification
-
CVE CVE-2005-0075, CVE-2005-0103, CVE-2005-0104 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AjaXplorer zoho plugin Directory Traversal Vulnerability
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution