FreeBSD Ports: Openwebmail Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt http://www.freebsd.org/ports/portaudit/89a0de27-bf66-11d8-a252-02e0185c0b53.html http://www.freebsd.org/ports/portaudit/911f1b19-bd20-11d8-84f9-000bdb1444a4.html http://www.freebsd.org/ports/portaudit/c3e56efa-c42f-11d8-864c-02e0185c0b53.html http://www.vuxml.org/freebsd/c5519420-cec2-11d8-8898-000d6111a684.html

Insight

The following packages are affected: openwebmail ilohamail CVE-2004-0519 Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

Severity

Classification

CVE CVE-2004-0519
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

django -- denial-of-service attack
FreeBSD Ports: apache
FreeBSD Ports: apache
FreeBSD Ports: bugzilla
FreeBSD Ports: bind96

FreeBSD Ports: openwebmail

Take action and discover your vulnerabilities