Family: CGI abuses --> Category: attack
SquirrelMail base_uri Parameter Information Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to change path parameter used by SquirrelMail cookies
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is affected by an
information disclosure issue.
The version of SquirrelMail installed on the remote fails to check the
origin of the 'base_uri' parameter in the 'functions/strings.php'
script before using it to set the path for its cookies. A possible hacker
may be able to leverage this issue to steal cookies associated with
the affected application provided he has control of a malicious site
within the same domain and PHP's 'register_globals' setting is
See also :
Disable PHP's 'register_globals' setting or upgrade to SquirrelMail
1.4.7-CVS or later.
Low / CVSS Base Score : 1.9
Click HERE for more information and discussions on this network vulnerability scan.