This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
CVE-2009-2964 squirrelmail: CSRF issues in all forms
Form submissions in SquirrelMail did not implement protection against
Cross-Site Request Forgery (CSRF) attacks. If a remote attacker
tricked a user into visiting a malicious web page, the attacker could
hijack that user's authentication, inject malicious content into that
user's preferences, or possibly send mail without that user's
See also :
Update the affected squirrelmail package.
Risk factor :
Medium / CVSS Base Score : 6.8
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60676 ()
CVE ID: CVE-2009-2964