CVE-2011-2753

NameCVE-2011-2753
DescriptionMultiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2291-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
squirrelmail (PTS)jessie, jessie (lts)2:1.4.23~svn20120406-2+deb8u5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
squirrelmailsourcelenny2:1.4.15-4+lenny5DSA-2291-1
squirrelmailsourcesqueeze2:1.4.21-2DSA-2291-1
squirrelmailsource(unstable)2:1.4.22-1low

Notes

difficult to exploit

Search for package or bug name: Reporting problems