Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: attack

SquirrelMail base_uri Parameter Information Disclosure Vulnerability Scan

Vulnerability Scan Summary
Tries to change path parameter used by SquirrelMail cookies

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is affected by an
information disclosure issue.

Description :

The version of SquirrelMail installed on the remote host fails to check
the origin of the 'base_uri' parameter in the 'functions/strings.php'
script before using it to set the path for its cookies. An attacker
may be able to leverage this issue to steal cookies associated with
the affected application, provided he has control of a malicious site
within the same domain and PHP's 'register_globals' setting is

See also :

Solution :

Disable PHP's 'register_globals' setting or upgrade to SquirrelMail
1.4.7-CVS or later.

Threat Level:

Low / CVSS Base Score : 1.9



P.O. Box 827051

Pembroke Pines, FL 33082-7051
