You are here

CVE-2010-1637

Vincent (CVE) Danen's picture
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

Details Source

Mitre

Statement

The Red Hat Security Response Team has rated this issue as having low
security impact, a future update may address this flaw.

Public Date

2010-05-20 00:00:00

Impact

Low

Bugzilla

CVE-2010-1637 SquirrelMail: Mail Fetch plugin -- port-scans via non-standard POP3 server ports

Bugzilla ID

606 459

CVSS Status

verified

Base Score

3.50

Base Metrics

AV:N/AC:M/Au:S/C:P/I:N/A:N

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (squirrelmail) RHSA-2012:0103 2012-02-08
Red Hat Enterprise Linux 4 (squirrelmail) RHSA-2012:0103 2012-02-08

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 3 squirrelmail Will not fix