CVE-2005-0104
CVSS4.3
发布时间 :2005-01-29 00:00:00
修订时间 :2016-10-17 23:07:52
NMCOPS    

[原文]Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.


[CNNVD]SquirrelMail webmail.php 跨站脚本攻击漏洞(CNNVD-200501-318)

        SquirrelMail是一款使用PHP脚本构建的WebMail系统。
        1.4.4之前版本的SquirrelMail中webmail.php存在跨站脚本攻击漏洞。
        远程攻击者可利用某些整型变量参数,注入任意Web脚本及HTML。

- CVSS (基础分值)

CVSS分值: 4.3 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:squirrelmail:squirrelmail:1.2.9
cpe:/a:squirrelmail:squirrelmail:1.4.3_rc1
cpe:/a:squirrelmail:squirrelmail:1.2.5
cpe:/a:squirrelmail:squirrelmail:1.4.3
cpe:/a:squirrelmail:squirrelmail:1.2.6
cpe:/a:squirrelmail:squirrelmail:1.2.7
cpe:/a:squirrelmail:squirrelmail:1.2.8
cpe:/a:squirrelmail:squirrelmail:1.2.10
cpe:/a:squirrelmail:squirrelmail:1.2.11
cpe:/a:squirrelmail:squirrelmail:1.4
cpe:/a:squirrelmail:squirrelmail:1.2.1
cpe:/a:squirrelmail:squirrelmail:1.44
cpe:/a:squirrelmail:squirrelmail:1.0.4
cpe:/a:squirrelmail:squirrelmail:1.2.2
cpe:/a:squirrelmail:squirrelmail:1.4.0
cpe:/a:squirrelmail:squirrelmail:1.0.5
cpe:/a:squirrelmail:squirrelmail:1.2.3
cpe:/a:squirrelmail:squirrelmail:1.4.1
cpe:/a:squirrelmail:squirrelmail:1.2.4
cpe:/a:squirrelmail:squirrelmail:1.4.2
cpe:/a:squirrelmail:squirrelmail:1.2.0
cpe:/a:squirrelmail:squirrelmail:1.4.3a

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10568Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script ...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0104
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0104
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-318
(官方数据源) CNNVD

- 其它链接及资源

http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
(VENDOR_ADVISORY)  APPLE  APPLE-SA-2005-03-21
http://marc.info/?l=bugtraq&m=110702772714662&w=2
(UNKNOWN)  BUGTRAQ  20050129 SquirrelMail Security Advisory
http://www.debian.org/security/2005/dsa-662
(VENDOR_ADVISORY)  DEBIAN  DSA-662
http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml
(UNKNOWN)  GENTOO  GLSA-200501-39
http://www.redhat.com/support/errata/RHSA-2005-099.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:099
http://www.redhat.com/support/errata/RHSA-2005-135.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:135
http://www.squirrelmail.org/security/issue/2005-01-20
(VENDOR_ADVISORY)  CONFIRM  http://www.squirrelmail.org/security/issue/2005-01-20
http://xforce.iss.net/xforce/xfdb/19036
(UNKNOWN)  XF  squirrelmail-webmailphp-xss(19036)

- 漏洞信息

SquirrelMail webmail.php 跨站脚本攻击漏洞
中危 跨站脚本
2005-01-29 00:00:00 2005-10-20 00:00:00
远程  
        SquirrelMail是一款使用PHP脚本构建的WebMail系统。
        1.4.4之前版本的SquirrelMail中webmail.php存在跨站脚本攻击漏洞。
        远程攻击者可利用某些整型变量参数,注入任意Web脚本及HTML。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://squirrelmail.org/download.php

- 漏洞信息 (F36628)

Debian Linux Security Advisory 662-2 (PacketStormID:F36628)
2005-03-17 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2005-0104,CVE-2005-0152
[点击下载]

Debian Security Advisory 662-2 - Andrew Archibald discovered that the last update to squirrelmail which was intended to fix several problems caused a regression which got exposed when the user hits a session timeout.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 662-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
March 14th, 2005                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : squirrelmail
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0104 CAN-2005-0152
Debian Bug     : 292714 295836

Andrew Archibald discovered that the last update to squirrelmail which
was intended to fix several problems caused a regression which got
exposed when the user hits a session timeout.  For completeness below
is the original advisory text:

  Several vulnerabilities have been discovered in Squirrelmail, a
  commonly used webmail system.  The Common Vulnerabilities and
  Exposures project identifies the following problems:

  CAN-2005-0104

      Upstream developers noticed that an unsanitised variable could
      lead to cross site scripting.

  CAN-2005-0152

      Grant Hollingworth discovered that under certain circumstances URL
      manipulation could lead to the execution of arbitrary code with
      the privileges of www-data.  This problem only exists in version
      1.2.6 of Squirrelmail.

For the stable distribution (woody) these problems have been fixed in
version 1.2.6-3.

The correction in the unstable distribution (sid) is not affected by
this regression.

We recommend that you upgrade your squirrelmail package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3.dsc
      Size/MD5 checksum:      646 1de7e6666fccf9bec33415a8f087aec6
    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3.diff.gz
      Size/MD5 checksum:    21411 ec0e038ffe18e2035fccac02eb31ba21
    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
      Size/MD5 checksum:  1856087 be9e6be1de8d3dd818185d596b41a7f1

  Architecture independent components:

    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3_all.deb
      Size/MD5 checksum:  1840798 13cfdb962ff49d27edee7ec6686a8265


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCNZ6AW5ql+IAeqTIRAu4yAKCbVNK+myICY/ooPKdI+BuO9ivBswCfW4g9
kNx9jofzZc+8KNPmErFj2vg=
=XFij
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F35996)

dsa-662.txt (PacketStormID:F35996)
2005-02-02 00:00:00
 
advisory,arbitrary,vulnerability,xss
linux,debian
CVE-2005-0104,CVE-2005-0152
[点击下载]

Debian Security Advisory 662-1 - Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. Upstream developers noticed that an unsanitized variable could lead to cross site scripting. Grant Hollingworth discovered that under certain circumstances URL manipulation could lead to the execution of arbitrary code with the privileges of www-data. This problem only exists in version 1.2.6 of Squirrelmail.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 662-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 1st, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : squirrelmail
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0104 CAN-2005-0152
Debian Bug     : 292714

Several vulnerabilities have been discovered in Squirrelmail, a
commonly used webmail system.  The Common Vulnerabilities and
Exposures project identifies the following problems:

CAN-2005-0104

    Upstream developers noticed that an unsanitised variable could
    lead to cross site scripting.

CAN-2005-0152

    Grant Hollingworth discovered that under certain circumstances URL
    manipulation could lead to the execution of arbitrary code with
    the privileges of www-data.  This problem only exists in version
    1.2.6 of Squirrelmail.

For the stable distribution (woody) these problems have been fixed in
version 1.2.6-2.

For the unstable distribution (sid) the problem that affects unstable
has been fixed in version 1.4.4-1.

We recommend that you upgrade your squirrelmail package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-2.dsc
      Size/MD5 checksum:      646 4900cffd3e5d45735f65c21476efc806
    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-2.diff.gz
      Size/MD5 checksum:    21204 4614ece547701e83d640b5740bb59d51
    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
      Size/MD5 checksum:  1856087 be9e6be1de8d3dd818185d596b41a7f1

  Architecture independent components:

    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-2_all.deb
      Size/MD5 checksum:  1840668 2d23a6986ab2862bb1acd160b5a2919c


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB/5XHW5ql+IAeqTIRAkpkAKCe9RF1LswG8hauggRbypCgsGxfygCeK10Z
F2TH29V21YfxpuF3gCLIDxE=
=KEhs
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F35958)

squirrelInclusion.txt (PacketStormID:F35958)
2005-01-30 00:00:00
Jonathan Angliss  squirrelmail.org
advisory,remote,web,php,xss
CVE-2005-0104,CVE-2005-0103
[点击下载]

SquirrelMail Security Advisory - SquirrelMail 1.4.4 has been released to resolve a number of security issues. Manoel Zaninetti reported an issue in src/webmail.php which would allow a crafted URL to include a remote web page. A possible cross site scripting issue exists in src/webmail.php that is only accessible when the PHP installation is running with register_globals set to On.

SquirrelMail Security Advisory
==============================

SquirrelMail 1.4.4 has been released to resolve a number of security
issues disclosed below.  It is strongly recommended that all running
SquirrelMail prior to 1.4.4 upgrade to the latest release.

Remote File Inclusion
---------------------
Manoel Zaninetti reported an issue in src/webmail.php which would allow a
crafted URL to include a remote web page.  This was assigned CAN-2005-0103
by the Common Vulnerabilities and Exposures.

Cross Site Scripting Issues
---------------------------
A possible cross site scripting issue exists in src/webmail.php that is
only accessible when the PHP installation is running with register_globals
set to On.  This issue was uncovered internally by the SquirrelMail
Development team. This isssue was assigned CAN-2005-0104 by the Common
Vulnerabilities and Exposures.

A second issue which was resolved in the 1.4.4-rc1 release was uncovered
and assigned CAN-2004-1036 by the Common Vulnerabilities and Exposures. 
This issue could allow a remote user to send a specially crafted header
and cause execution of script (such as javascript) in the client browser.

Local File Inclusion
--------------------
A possible local file inclusion issue was uncovered by one of our
developers involving custom preference handlers.  This issue is only
active if the PHP installation is running with register_globals set to On.


It is strongly suggested that all users running SquirrelMail prior to
1.4.4 upgrade to the latest release.  Those using a development release,
should upgrade to the latest snapshots to ensure they have the latest
updates for these issues.  A full list of changes in this, and previous
releases can be found here (http://www.squirrelmail.org/changelog.php).

For further updates on security issues, details are posted to
http://www.squirrelmail.org/security/.  Any security issues should be
emailed to security@squirrelmail.org.

We'd like to express thanks for those that have worked with us on getting
security issues resolved with SquirrelMail, and hope that people continue
to do so in such fashion, it is much appreciated.

-- 
Jonathan Angliss
SquirrelMail Development Team

    

- 漏洞信息

13145
SquirrelMail webmail.php XSS
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Vendor Verified

- 漏洞描述

- 时间线

2005-01-20 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.4.4-RC1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

SquirrelMail Multiple Remote Input Validation Vulnerabilities
Input Validation Error 12337
Yes No
2005-01-22 12:00:00 2009-07-12 10:06:00
Manoel Zaninetti is credited with the discovery of the frame content manipulation issue. Jimmy Conner is credited with discovering the local file inclusion issue. The cross-site scripting issue was reported by the vendor.

- 受影响的程序版本

SquirrelMail SquirrelMail 1.4.8
SquirrelMail SquirrelMail 1.4.4 RC1
SquirrelMail SquirrelMail 1.4.3 RC1
SquirrelMail SquirrelMail 1.4.3 r3
+ Gentoo Linux
SquirrelMail SquirrelMail 1.4.3 a
+ Conectiva Linux 9.0
+ Red Hat Fedora Core3
+ Red Hat Fedora Core3
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Red Hat Fedora Core2
SquirrelMail SquirrelMail 1.4.3
SquirrelMail SquirrelMail 1.4.2
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
+ Red Hat Fedora Core2
+ Red Hat Fedora Core2
+ Red Hat Fedora Core2
SquirrelMail SquirrelMail 1.4.1
SquirrelMail SquirrelMail 1.4 RC1
SquirrelMail SquirrelMail 1.4
SquirrelMail SquirrelMail 1.2.11
SquirrelMail SquirrelMail 1.2.10
SquirrelMail SquirrelMail 1.2.9
SquirrelMail SquirrelMail 1.2.8
+ Terra Soft Solutions Yellow Dog Linux 3.0
SquirrelMail SquirrelMail 1.2.7
+ RedHat Linux 8.0
SquirrelMail SquirrelMail 1.2.6
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
SquirrelMail SquirrelMail 1.2.5
SquirrelMail SquirrelMail 1.2.4
SquirrelMail SquirrelMail 1.2.3
SquirrelMail SquirrelMail 1.2.2
SquirrelMail SquirrelMail 1.2.1
SquirrelMail SquirrelMail 1.2 .0
SGI ProPack 3.0
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server 9
Red Hat Fedora Core3
Red Hat Fedora Core2
SquirrelMail SquirrelMail 1.4.4
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Debian Linux 3.1
+ Debian Linux 3.1
+ Gentoo Linux
+ Gentoo Linux
+ Gentoo Linux

- 不受影响的程序版本

SquirrelMail SquirrelMail 1.4.4
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Debian Linux 3.1
+ Debian Linux 3.1
+ Gentoo Linux
+ Gentoo Linux
+ Gentoo Linux

- 漏洞讨论

SquirrelMail is reported prone to multiple vulnerabilities resulting from input validation errors. These issues may allow an attacker to carry out cross-site scripting and file include attacks. An attacker may also include arbitrary web pages in the SquirrelMail frameset to carry out phishing type attacks.

The following specific issues were identified:

SquirrelMail is reported prone to a cross-site scripting vulnerability. Attacker-supplied code may be rendered in a user's browser facilitating theft of cookie-based authentication credentials and other attacks.

It is reported that an attacker may influence Web content through certain unspecified variables. It is conjectured that this may allow attackers to misrepresent Web content and potentially carry out phishing type attacks.

The application is reported prone to a file include vulnerability as well. Reportedly, an affected script can allow remote attackers to include local scripts. This may eventually lead to unauthorized access in the context of the affected server.

- 漏洞利用

An exploit is not required to carry out these attacks.

- 解决方案

The vendor has released SquirrelMail 1.4.4 to address this issue. Patches for affected versions are available as well.

RedHat has released advisories (FEDORA-2005-259), and (FEDORA-2005-260) to address these issues in Fedora Core 2 and 3. Please see the referenced advisories for further information.

Gentoo Linux has released advisory GLSA 200501-39 dealing with this issue. Gentoo advises that all SquirrelMail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.4"

Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update. For more information, please see the referenced Gentoo Linux advisory.

Debian has released advisory DSA 662-1 along with fixes dealing with these issues. Please see the referenced advisory for more information.

SGI has released advisory 20050207-01-U including Patch 10144 that contains updated SGI ProPack 3 Service Pack 4 RPMs for the SGI Altix products. This patch addresses various issues. Please see the referenced advisory for more information.

Debian has released advisory DSA 662-2 to address the issue described in CAN-2005-0104. Please see the referenced advisory for more information.

SUSE Linux has released advisory SUSE-SR:2005:014 to address these and other issues. Please see the referenced advisory for more information.


SquirrelMail SquirrelMail 1.2.6

SquirrelMail SquirrelMail 1.4 RC1

SquirrelMail SquirrelMail 1.4

SquirrelMail SquirrelMail 1.4.1

SquirrelMail SquirrelMail 1.4.2

SquirrelMail SquirrelMail 1.4.3 RC1

SquirrelMail SquirrelMail 1.4.3 a

SquirrelMail SquirrelMail 1.4.3 r3

SquirrelMail SquirrelMail 1.4.3

SquirrelMail SquirrelMail 1.4.4 RC1

SquirrelMail SquirrelMail 1.4.8

SGI ProPack 3.0

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站