What is the severity of CVE-2005-2095?

CVE-2005-2095 is considered a high severity vulnerability due to its potential for unauthorized access and data manipulation.

How do I fix CVE-2005-2095?

To fix CVE-2005-2095, upgrade to a version of SquirrelMail later than 1.4.4 that addresses this vulnerability.

What types of attacks can CVE-2005-2095 facilitate?

CVE-2005-2095 can facilitate unauthorized preference access, cross-site scripting (XSS) attacks, and arbitrary file writing.

Which versions of SquirrelMail are affected by CVE-2005-2095?

CVE-2005-2095 affects SquirrelMail versions 1.4.4 and earlier.

How is CVE-2005-2095 exploited by attackers?

Attackers exploit CVE-2005-2095 by leveraging the vulnerable extract function in options_identities.php to manipulate user preferences.

Vulnerability/
CVE-2005-2095

medium

4.3

CWE

13/7/2005

7/8/2024

CVE-2005-2095: XSS

First published: Wed Jul 13 2005(Updated: )

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
SquirrelMail	=1.4.2
SquirrelMail	=1.0.5
SquirrelMail	=1.2.7
SquirrelMail	=1.2.0
SquirrelMail	=1.2.9
SquirrelMail	=1.4.3_rc1
SquirrelMail	=1.2.2
SquirrelMail	=1.4.3
SquirrelMail	=1.2.1
SquirrelMail	=1.4.1
SquirrelMail	=1.4.0
SquirrelMail	=1.4
SquirrelMail	=1.44
SquirrelMail	=1.2.4
SquirrelMail	=1.2.3
SquirrelMail	=1.4.3a
SquirrelMail	=1.0.4
SquirrelMail	=1.2.6
SquirrelMail	=1.2.10
SquirrelMail	=1.2.5
SquirrelMail	=1.2.8
SquirrelMail	=1.2.11

Remedy

http://www.debian.org/security/2005/dsa-756

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-2095?
CVE-2005-2095 is considered a high severity vulnerability due to its potential for unauthorized access and data manipulation.
How do I fix CVE-2005-2095?
To fix CVE-2005-2095, upgrade to a version of SquirrelMail later than 1.4.4 that addresses this vulnerability.
What types of attacks can CVE-2005-2095 facilitate?
CVE-2005-2095 can facilitate unauthorized preference access, cross-site scripting (XSS) attacks, and arbitrary file writing.
Which versions of SquirrelMail are affected by CVE-2005-2095?
CVE-2005-2095 affects SquirrelMail versions 1.4.4 and earlier.
How is CVE-2005-2095 exploited by attackers?
Attackers exploit CVE-2005-2095 by leveraging the vulnerable extract function in options_identities.php to manipulate user preferences.

agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/remedy
agent/author
agent/last-modified-date
agent/severity
agent/weakness
agent/references
agent/event
agent/description
agent/source
agent/tags
collector/nvd-historical
vendor/squirrelmail
agent/software-canonical-lookup-request
collector/nvd-index
canonical/squirrelmail
version/squirrelmail/1.4.2
version/squirrelmail/1.0.5
version/squirrelmail/1.2.7
version/squirrelmail/1.2.0
version/squirrelmail/1.2.9
version/squirrelmail/1.4.3_rc1
version/squirrelmail/1.2.2
version/squirrelmail/1.4.3
version/squirrelmail/1.2.1
version/squirrelmail/1.4.1
version/squirrelmail/1.4.0
version/squirrelmail/1.4
version/squirrelmail/1.44
version/squirrelmail/1.2.4
version/squirrelmail/1.2.3
version/squirrelmail/1.4.3a
version/squirrelmail/1.0.4
version/squirrelmail/1.2.6
version/squirrelmail/1.2.10
version/squirrelmail/1.2.5
version/squirrelmail/1.2.8
version/squirrelmail/1.2.11