← Back

CVE-2010-1637

nvd nist
Published: Jun 22, 2010Modified: Apr 29, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

Affected (9)

Show all products
Squirrelmail: Squirrelmail · Fedoraproject: Fedora · Apple: Mac Os X, Mac Os X Server · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation
Squirrelmail
1 product
Squirrelmail
Fedoraproject
1 product
Fedora
Apple
2 products
Mac Os X
Mac Os X Server
Redhat
3 products
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Workstation
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Squirrelmail
Up to 1.4.20
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 11
Fedora
Version 12
Fedora
Version 13
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Mac Os X
Before 10.6.8
Mac Os X Server
Before 10.6.8
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux Desktop
Version 5.0
Enterprise Linux Server
Version 5.0
Enterprise Linux Workstation
Version 5.0

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (40)

Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
Product
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing ListPatch
Source: secalert@redhat.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secalert@redhat.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.