危険度:
  CVE識別番号: CVE-2009-1578
  情報公開日: 7 21, 2015

  概要

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING).

  トレンドマイクロの対策

  • 1000552 - Generic Cross Site Scripting(XSS) Prevention

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1000552

  影響を受けるソフトウェア

  • squirrelmail squirrelmail 0.1
  • squirrelmail squirrelmail 0.1.1
  • squirrelmail squirrelmail 0.1.2
  • squirrelmail squirrelmail 0.2
  • squirrelmail squirrelmail 0.2.1
  • squirrelmail squirrelmail 0.3
  • squirrelmail squirrelmail 0.3.1
  • squirrelmail squirrelmail 0.3pre1
  • squirrelmail squirrelmail 0.3pre2
  • squirrelmail squirrelmail 0.4
  • squirrelmail squirrelmail 0.4pre1
  • squirrelmail squirrelmail 0.4pre2
  • squirrelmail squirrelmail 0.5
  • squirrelmail squirrelmail 0.5pre1
  • squirrelmail squirrelmail 0.5pre2
  • squirrelmail squirrelmail 1.0
  • squirrelmail squirrelmail 1.0.1
  • squirrelmail squirrelmail 1.0.2
  • squirrelmail squirrelmail 1.0.3
  • squirrelmail squirrelmail 1.0.4
  • squirrelmail squirrelmail 1.0.5
  • squirrelmail squirrelmail 1.0.6
  • squirrelmail squirrelmail 1.0pre1
  • squirrelmail squirrelmail 1.0pre2
  • squirrelmail squirrelmail 1.0pre3
  • squirrelmail squirrelmail 1.1.0
  • squirrelmail squirrelmail 1.1.1
  • squirrelmail squirrelmail 1.1.2
  • squirrelmail squirrelmail 1.1.3
  • squirrelmail squirrelmail 1.2
  • squirrelmail squirrelmail 1.2.0
  • squirrelmail squirrelmail 1.2.0_rc3
  • squirrelmail squirrelmail 1.2.1
  • squirrelmail squirrelmail 1.2.10
  • squirrelmail squirrelmail 1.2.11
  • squirrelmail squirrelmail 1.2.2
  • squirrelmail squirrelmail 1.2.3
  • squirrelmail squirrelmail 1.2.4
  • squirrelmail squirrelmail 1.2.5
  • squirrelmail squirrelmail 1.2.6
  • squirrelmail squirrelmail 1.2.7
  • squirrelmail squirrelmail 1.2.8
  • squirrelmail squirrelmail 1.2.9
  • squirrelmail squirrelmail 1.3.0
  • squirrelmail squirrelmail 1.3.1
  • squirrelmail squirrelmail 1.3.2
  • squirrelmail squirrelmail 1.4
  • squirrelmail squirrelmail 1.4.0
  • squirrelmail squirrelmail 1.4.0_rc1
  • squirrelmail squirrelmail 1.4.0_rc2a
  • squirrelmail squirrelmail 1.4.1
  • squirrelmail squirrelmail 1.4.10
  • squirrelmail squirrelmail 1.4.10a
  • squirrelmail squirrelmail 1.4.11
  • squirrelmail squirrelmail 1.4.12
  • squirrelmail squirrelmail 1.4.15
  • squirrelmail squirrelmail 1.4.15_rc1
  • squirrelmail squirrelmail 1.4.16
  • squirrelmail squirrelmail 1.4.17