Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2006-0195
Last Modified 07 Mar 2011 09:29:33
Published 23 Feb 2006 07:02:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0195

Summary

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.

Vulnerable Systems

Application

  • Squirrelmail 1.4

  • Squirrelmail 1.4 Rc1

  • Squirrelmail 1.4.1

  • Squirrelmail 1.4.2

  • Squirrelmail 1.4.3

  • Squirrelmail 1.4.3 R3

  • Squirrelmail 1.4.3 Rc1

  • Squirrelmail 1.4.3a

  • Squirrelmail 1.4.4

  • Squirrelmail 1.4.4 Rc1

  • Squirrelmail 1.4.5

  • Squirrelmail 1.4.6 Rc1


References

XF - squirrelmail-magichtml-xss(24848)

VUPEN - ADV-2006-0689

CONFIRM - http://www.squirrelmail.org/security/issue/2006-02-10

BID - 16756

SECTRACK - 1015662

SECUNIA - 18985

REDHAT - RHSA-2006:0283

FEDORA - FEDORA-2006-133

SUSE - SUSE-SR:2006:005

MANDRIVA - MDKSA-2006:049

GENTOO - GLSA-200603-09

DEBIAN - DSA-988

SECUNIA - 20210

SECUNIA - 19960

SECUNIA - 19205

SECUNIA - 19176

SECUNIA - 19131

SECUNIA - 19130

SGI - 20060501-01-U


Last Updated: 27 May 2016 10:41:34