Summary
This host is running SquirrelMail and is prone to multiple Cross-Site Request Forgery (CSRF) vulnerabilities.
Impact
An attacker may leverage this issue to hijack the authentication of unspecified victims in order to modify user preferences, delete emails, and potentially send emails.
Impact Level: System/Application
Solution
Upgrade to version 1.4.20 RC1 or the latest version:
http://www.squirrelmail.org/download.php
or apply the patch from the link below:
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13818
Insight
Multiple CSRF flaws exist in features such as sending messages and changing preferences. They relate to addrbook_search_html.php, folders_rename_getname.php, folders_rename_do.php, folders_subscribe.php, move_messages.php, options.php, options_highlight.php, options_identities.php, options_order.php, search.php, addressbook.php, compose.php, folders.php, folders_create.php, vcard.php and folders_delete.php in /src, and to mailbox_display.php in the functions directory.
Affected
SquirrelMail version 1.4.19 and prior on Linux.
Severity
Classification
CVE: CVE-2009-2964
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P