CVE-2011-2752

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-2752
CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://rhn.redhat.com/errata/RHSA-2012-0103.html
http://www.debian.org/security/2011/dsa-2291
http://www.mandriva.com/security/advisories?name=MDVSA-2011:123
http://www.squirrelmail.org/security/issue/2011-07-11 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/68587
http://rhn.redhat.com/errata/RHSA-2012-0103.html
http://www.debian.org/security/2011/dsa-2291
http://www.mandriva.com/security/advisories?name=MDVSA-2011:123
http://www.squirrelmail.org/security/issue/2011-07-11 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/68587
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.20:*:*:*:*:*:*:*
History

21 Nov 2024, 01:28

Type Values Removed Values Added
References () http://rhn.redhat.com/errata/RHSA-2012-0103.html - () http://rhn.redhat.com/errata/RHSA-2012-0103.html -
References () http://www.debian.org/security/2011/dsa-2291 - () http://www.debian.org/security/2011/dsa-2291 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 -
References () http://www.squirrelmail.org/security/issue/2011-07-11 - Patch, Vendor Advisory () http://www.squirrelmail.org/security/issue/2011-07-11 - Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/68587 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/68587 -
Information

Published : 2011-07-17 20:55

Updated : 2025-04-11 00:51

NVD link : CVE-2011-2752

Mitre link : CVE-2011-2752

CVE.ORG link : CVE-2011-2752

JSON object : View

Products Affected

squirrelmail

  • squirrelmail
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')