Squirrelmail : Security Vulnerabilities, CVEs, (Denial of service)
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.
Max CVSS
5.0
EPSS Score
0.76%
Published
2013-01-18
Updated
2023-02-13
functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.
Max CVSS
5.0
EPSS Score
11.47%
Published
2010-08-19
Updated
2017-08-17
2 vulnerabilities found