Executive Summary
| Summary | |
|---|---|
| Title | SqWebmail vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-201-1 | First vendor Publication | 2005-10-11 |
| Vendor | Ubuntu | Last vendor Modification | 2005-10-11 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: sqwebmail The problem can be corrected by upgrading the affected package to version 0.45.6-1ubuntu0.1 (for Ubuntu 4.10), or 0.47-3ubuntu1.3 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Several Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him. Please note that the "sqwebmail" package is not officially supported by Ubuntu (it is in the "universe" section of the archive). |
Original Source
| Url : http://www.ubuntu.com/usn/USN-201-1 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 793-1 (courier) File : nvt/deb_793_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 820-1 (courier) File : nvt/deb_820_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 19262 | SqWebMail in MSIE Conditional Comments XSS SqWebMail contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate HTML comments in e-mails. This may allow a user to create a specially crafted e-mail that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 19047 | SqWebMail HTML Email img src Tag Arbitrary Script Insertion SqWebMail contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate img src tags in HTML e-mails. This may allow a user to create a specially crafted e-mail that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 18948 | SqWebMail Attached File Arbitrary Script Insertion SqWebMail contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate file content when displaying an attachment. This may allow a user to create a specially crafted attachment that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-201-1.nasl - Type : ACT_GATHER_INFO |
| 2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-820.nasl - Type : ACT_GATHER_INFO |
| 2005-09-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-793.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:02:41 |
|
