Vulnerability Details : CVE-2010-4554
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2010-4554
Probability of exploitation activity in the next 30 days: 0.45%
Percentile (the proportion of vulnerabilities scored at or below this value): ~72%
CVSS scores for CVE-2010-4554
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST
CWE ids for CVE-2010-4554
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4554
- https://bugzilla.redhat.com/show_bug.cgi?id=720693 (720693 – (CVE-2010-4554) CVE-2010-4554 SquirrelMail: Prone to clickjacking attacks) [Patch]
- http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php?view=patch&r1=14117&r2=14116&pathrev=14117 (404 Not Found) [Patch]
- http://www.debian.org/security/2011/dsa-2291 (Debian -- Security Information -- DSA-2291-1 squirrelmail)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68512 (SquirrelMail HTTP clickjacking CVE-2010-4554 Vulnerability Report)
- http://www.squirrelmail.org/security/issue/2011-07-12 (SquirrelMail - Webmail for Nuts!) [Patch; Vendor Advisory]
- http://rhn.redhat.com/errata/RHSA-2012-0103.html (RHSA-2012:0103 - Security Advisory - Red Hat Customer Portal)
- http://support.apple.com/kb/HT5130 (About the security content of OS X Lion v10.7.3 and Security Update 2012-001 - Apple Support)
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 (mandriva.com)
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html (Apple - Lists.apple.com)
Products affected by CVE-2010-4554
- cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.20:*:*:*:*:*:*:*