CVE-2012-2124: Red Hat Enterprise Linux vulnerability

4 documents, 4 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.8% (top 26.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 18
Latest update: May 17

Description

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 0 packages

Also affects: Enterprise Linux 4, 5

🔴 Vulnerability Details (1)

GHSA
GHSA-xrcw-cgg9-mj7c: functions/imap_general (2022-05-17)

📋 Vendor Advisories (1)

Red Hat
squirrelmail: not fixed in RHSA-2012:0103 (2012-04-20)

💬 Community (1)

Bugzilla
CVE-2012-2124 squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103 (2012-04-20)