The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
2010-06-22T17:30:01.103
2025-04-11T00:51:21.963
Deferred
CVSSv3.1: 6.5 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:N/A:N
8.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | squirrelmail | squirrelmail | ≤ 1.4.20 | Yes |
Operating System | fedoraproject | fedora | 11 | Yes |
Operating System | fedoraproject | fedora | 12 | Yes |
Operating System | fedoraproject | fedora | 13 | Yes |
Operating System | apple | mac_os_x | < 10.6.8 | Yes |
Operating System | apple | mac_os_x_server | < 10.6.8 | Yes |
Operating System | redhat | enterprise_linux_desktop | 5.0 | Yes |
Operating System | redhat | enterprise_linux_server | 5.0 | Yes |
Operating System | redhat | enterprise_linux_workstation | 5.0 | Yes |