History: Sep 24, 2008 - 2:56 p.m.

CVE-2008-3663

2008-09-24 14:56:52
CWE-310
mitre
web.nvd.nist.gov
Tags: cve-2008-3663, squirrelmail, session cookie, security, https, http requests

CVSS2: 5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score: 7.3
Confidence: High

EPSS: 0.005
Percentile: 75.5%

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Affected configurations

Nvd

Node: squirrelmail squirrelmail, Match 1.4.15

Vendor: squirrelmail
Product: squirrelmail
Version: 1.4.15
CPE: cpe:/a:squirrelmail:squirrelmail:1.4.15:::
