NVD Vulnerability Details: CVE-2009-1581
Modified
Source: cve@mitre.org
Published At: 14 May, 2009 | 17:30
Updated At: 29 Sep, 2017 | 01:34

functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches

Vendor | Product | Version | CPE
SquirrelMail | squirrelmail | * | cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | Versions up to 1.4.17 (inclusive) | cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.1 | cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.1.1 | cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.1.2 | cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.2 | cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.2.1 | cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.3 | cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.3.1 | cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.3pre1 | cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.3pre2 | cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.4 | cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.4pre1 | cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.4pre2 | cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.5 | cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.5pre1 | cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 0.5pre2 | cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.0 | cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.0.1 | cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.0.2 | cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.0.3 | cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.0.4 | cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.0.5 | cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.0.6 | cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.0pre1 | cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.0pre2 | cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.0pre3 | cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.1.0 | cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.1.1 | cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.1.2 | cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.1.3 | cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2 | cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.0 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.0_rc3 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.1 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.2 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.3 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.4 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.5 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.6 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.7 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.8 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.9 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.10 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.2.11 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.3.0 | cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.3.1 | cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.3.2 | cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.4 | cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
SquirrelMail | squirrelmail | 1.4.0 | cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/35052
Source: cve@mitre.org
Resource: Vendor Advisory
Hyperlink: http://secunia.com/advisories/35073
Source: cve@mitre.org
Resource: Vendor Advisory
Hyperlink: http://secunia.com/advisories/35140
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/35259
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/40220
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4188
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1802
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:110
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1066.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/34916
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.squirrelmail.org/security/issue/2009-05-12
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1296
Source: cve@mitre.org
Resource: Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/1481
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=500356
Source: cve@mitre.org
Resource: Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50463
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html
Source: cve@mitre.org
Resource: N/A
Change History
0 Changes found

Details not found