CERTA-2005-AVI-364
Vulnerability from certfr_avis

Une vulnérabilité de type cross-site scripting est présente dans le composant SqWebMail de Courier.

Description

Courier est un ensemble de services de messagerie comprenant un service de type webmail appelé SqWebMail. Une vulnérabilité de ce dernier permet à un utilisateur distant mal intentionné d'effectuer des attaques de type cross-site scripting par le biais d'un message électronique malicieusement constitué. La vulnérabilité est exploitable uniquement si la victime utilise Internet Explorer pour lire son courrier électronique via le webmail.

Solution

Mettre à jour Courier-SqWebMail en version 5.0.6 :

http://www.courier-mta.org/?download.php

Courier-SqWebMail versions 5.0.4 et antérieures.

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eCourier-SqWebMail versions 5.0.4 et  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nCourier est un ensemble de services de messagerie comprenant un service\nde type webmail appel\u00e9 SqWebMail. Une vuln\u00e9rabilit\u00e9 de ce dernier permet\n\u00e0 un utilisateur distant mal intentionn\u00e9 d\u0027effectuer des attaques de\ntype cross-site scripting par le biais d\u0027un message \u00e9lectronique\nmalicieusement constitu\u00e9. La vuln\u00e9rabilit\u00e9 est exploitable uniquement si\nla victime utilise Internet Explorer pour lire son courrier \u00e9lectronique\nvia le webmail.\n\n## Solution\n\nMettre \u00e0 jour Courier-SqWebMail en version 5.0.6 :\n\n    http://www.courier-mta.org/?download.php\n",
  "cves": [],
  "initial_release_date": "2005-09-27T00:00:00",
  "last_revision_date": "2005-09-27T00:00:00",
  "links": [
    {
      "title": "Site de Courier :",
      "url": "http://www.courier-mta.org"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-820 du 24 septembre 2005 :",
      "url": "http://www.debian.org/security/2005/dsa-820"
    },
    {
      "title": "Liste des changements de Courier :",
      "url": "http://www.courier-mta.org/changelog.html"
    },
    {
      "title": "Site de SqWebMail :",
      "url": "http://www.courier-mta.org/sqwebmail/"
    }
  ],
  "reference": "CERTA-2005-AVI-364",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-09-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Cross-site scripting"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de type cross-site scripting est pr\u00e9sente dans le\ncomposant SqWebMail de Courier.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Courier-SqWebMail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Changement du 2005-08-26 dans la liste des changements de Courier.",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.