CVE-2011-2753: CSRF
First published: Sun Jul 17 2011(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SquirrelMail | <=1.4.21 | |
| SquirrelMail | =0.1 | |
| SquirrelMail | =0.1.1 | |
| SquirrelMail | =0.1.2 | |
| SquirrelMail | =0.2 | |
| SquirrelMail | =0.2.1 | |
| SquirrelMail | =0.3 | |
| SquirrelMail | =0.3.1 | |
| SquirrelMail | =0.3pre1 | |
| SquirrelMail | =0.3pre2 | |
| SquirrelMail | =0.4 | |
| SquirrelMail | =0.4pre1 | |
| SquirrelMail | =0.4pre2 | |
| SquirrelMail | =0.5 | |
| SquirrelMail | =0.5pre1 | |
| SquirrelMail | =0.5pre2 | |
| SquirrelMail | =1.0 | |
| SquirrelMail | =1.0.1 | |
| SquirrelMail | =1.0.2 | |
| SquirrelMail | =1.0.3 | |
| SquirrelMail | =1.0.4 | |
| SquirrelMail | =1.0.5 | |
| SquirrelMail | =1.0.6 | |
| SquirrelMail | =1.0pre1 | |
| SquirrelMail | =1.0pre2 | |
| SquirrelMail | =1.0pre3 | |
| SquirrelMail | =1.1.0 | |
| SquirrelMail | =1.1.1 | |
| SquirrelMail | =1.1.2 | |
| SquirrelMail | =1.1.3 | |
| SquirrelMail | =1.2 | |
| SquirrelMail | =1.2.0 | |
| SquirrelMail | =1.2.0-rc3 | |
| SquirrelMail | =1.2.1 | |
| SquirrelMail | =1.2.2 | |
| SquirrelMail | =1.2.3 | |
| SquirrelMail | =1.2.4 | |
| SquirrelMail | =1.2.5 | |
| SquirrelMail | =1.2.6 | |
| SquirrelMail | =1.2.6-rc1 | |
| SquirrelMail | =1.2.7 | |
| SquirrelMail | =1.2.8 | |
| SquirrelMail | =1.2.9 | |
| SquirrelMail | =1.2.10 | |
| SquirrelMail | =1.2.11 | |
| SquirrelMail | =1.3.0 | |
| SquirrelMail | =1.3.1 | |
| SquirrelMail | =1.3.2 | |
| SquirrelMail | =1.4 | |
| SquirrelMail | =1.4-rc1 | |
| SquirrelMail | =1.4.0 | |
| SquirrelMail | =1.4.0-rc1 | |
| SquirrelMail | =1.4.0-rc2a | |
| SquirrelMail | =1.4.0-r1 | |
| SquirrelMail | =1.4.1 | |
| SquirrelMail | =1.4.2 | |
| SquirrelMail | =1.4.2-r1 | |
| SquirrelMail | =1.4.2-r2 | |
| SquirrelMail | =1.4.2-r3 | |
| SquirrelMail | =1.4.2-r4 | |
| SquirrelMail | =1.4.2-r5 | |
| SquirrelMail | =1.4.3 | |
| SquirrelMail | =1.4.3-r3 | |
| SquirrelMail | =1.4.3-rc1 | |
| SquirrelMail | =1.4.3a | |
| SquirrelMail | =1.4.3aa | |
| SquirrelMail | =1.4.4 | |
| SquirrelMail | =1.4.4-rc1 | |
| SquirrelMail | =1.4.5 | |
| SquirrelMail | =1.4.5-rc1 | |
| SquirrelMail | =1.4.6 | |
| SquirrelMail | =1.4.6-rc1 | |
| SquirrelMail | =1.4.6_cvs | |
| SquirrelMail | =1.4.7 | |
| SquirrelMail | =1.4.8 | |
| SquirrelMail | =1.4.8.4fc6 | |
| SquirrelMail | =1.4.9 | |
| SquirrelMail | =1.4.9a | |
| SquirrelMail | =1.4.10 | |
| SquirrelMail | =1.4.10a | |
| SquirrelMail | =1.4.11 | |
| SquirrelMail | =1.4.12 | |
| SquirrelMail | =1.4.13 | |
| SquirrelMail | =1.4.15 | |
| SquirrelMail | =1.4.15-rc1 | |
| SquirrelMail | =1.4.15rc1 | |
| SquirrelMail | =1.4.16 | |
| SquirrelMail | =1.4.17 | |
| SquirrelMail | =1.4.18 | |
| SquirrelMail | =1.4.19 | |
| SquirrelMail | =1.4.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119
- https://bugzilla.redhat.com/show_bug.cgi?id=720694
- http://www.debian.org/security/2011/dsa-2291
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:123
- http://rhn.redhat.com/errata/RHSA-2012-0103.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68586
Frequently Asked Questions
What is the severity of CVE-2011-2753?
CVE-2011-2753 has a moderate severity rating as it allows cross-site request forgery attacks that can lead to unauthorized actions on behalf of users.
How do I fix CVE-2011-2753?
To fix CVE-2011-2753, users should upgrade to SquirrelMail version 1.4.22 or later.
What types of attacks can exploit CVE-2011-2753?
CVE-2011-2753 can be exploited through cross-site request forgery (CSRF) attacks targeting the empty trash and index order functionalities.
Which versions of SquirrelMail are affected by CVE-2011-2753?
CVE-2011-2753 affects SquirrelMail versions 1.4.21 and earlier, including versions 0.1 through 1.4.20.
What is the potential impact of exploiting CVE-2011-2753?
Exploiting CVE-2011-2753 can lead to unauthorized actions being performed on the account of an unsuspecting user.
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/squirrelmail
- canonical/squirrelmail
- version/squirrelmail/1.4.21
- version/squirrelmail/0.1
- version/squirrelmail/0.1.1
- version/squirrelmail/0.1.2
- version/squirrelmail/0.2
- version/squirrelmail/0.2.1
- version/squirrelmail/0.3
- version/squirrelmail/0.3.1
- version/squirrelmail/0.3pre1
- version/squirrelmail/0.3pre2
- version/squirrelmail/0.4
- version/squirrelmail/0.4pre1
- version/squirrelmail/0.4pre2
- version/squirrelmail/0.5
- version/squirrelmail/0.5pre1
- version/squirrelmail/0.5pre2
- version/squirrelmail/1.0
- version/squirrelmail/1.0.1
- version/squirrelmail/1.0.2
- version/squirrelmail/1.0.3
- version/squirrelmail/1.0.4
- version/squirrelmail/1.0.5
- version/squirrelmail/1.0.6
- version/squirrelmail/1.0pre1
- version/squirrelmail/1.0pre2
- version/squirrelmail/1.0pre3
- version/squirrelmail/1.1.0
- version/squirrelmail/1.1.1
- version/squirrelmail/1.1.2
- version/squirrelmail/1.1.3
- version/squirrelmail/1.2
- version/squirrelmail/1.2.0
- version/squirrelmail/1.2.0-rc3
- version/squirrelmail/1.2.1
- version/squirrelmail/1.2.2
- version/squirrelmail/1.2.3
- version/squirrelmail/1.2.4
- version/squirrelmail/1.2.5
- version/squirrelmail/1.2.6
- version/squirrelmail/1.2.6-rc1
- version/squirrelmail/1.2.7
- version/squirrelmail/1.2.8
- version/squirrelmail/1.2.9
- version/squirrelmail/1.2.10
- version/squirrelmail/1.2.11
- version/squirrelmail/1.3.0
- version/squirrelmail/1.3.1
- version/squirrelmail/1.3.2
- version/squirrelmail/1.4
- version/squirrelmail/1.4-rc1
- version/squirrelmail/1.4.0
- version/squirrelmail/1.4.0-rc1
- version/squirrelmail/1.4.0-rc2a
- version/squirrelmail/1.4.0-r1
- version/squirrelmail/1.4.1
- version/squirrelmail/1.4.2
- version/squirrelmail/1.4.2-r1
- version/squirrelmail/1.4.2-r2
- version/squirrelmail/1.4.2-r3
- version/squirrelmail/1.4.2-r4
- version/squirrelmail/1.4.2-r5
- version/squirrelmail/1.4.3
- version/squirrelmail/1.4.3-r3
- version/squirrelmail/1.4.3-rc1
- version/squirrelmail/1.4.3a
- version/squirrelmail/1.4.3aa
- version/squirrelmail/1.4.4
- version/squirrelmail/1.4.4-rc1
- version/squirrelmail/1.4.5
- version/squirrelmail/1.4.5-rc1
- version/squirrelmail/1.4.6
- version/squirrelmail/1.4.6-rc1
- version/squirrelmail/1.4.6_cvs
- version/squirrelmail/1.4.7
- version/squirrelmail/1.4.8
- version/squirrelmail/1.4.8.4fc6
- version/squirrelmail/1.4.9
- version/squirrelmail/1.4.9a
- version/squirrelmail/1.4.10
- version/squirrelmail/1.4.10a
- version/squirrelmail/1.4.11
- version/squirrelmail/1.4.12
- version/squirrelmail/1.4.13
- version/squirrelmail/1.4.15
- version/squirrelmail/1.4.15-rc1
- version/squirrelmail/1.4.15rc1
- version/squirrelmail/1.4.16
- version/squirrelmail/1.4.17
- version/squirrelmail/1.4.18
- version/squirrelmail/1.4.19
- version/squirrelmail/1.4.20