Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-0030
HistoryJan 21, 2009 - 8:30 p.m.

CVE-2009-0030

2009-01-2120:30:00
CWE-287
[email protected]
web.nvd.nist.gov
36
red hat
squirrelmail
sqmsessid
webmail
cve-2009-0030
cve-2008-3663
security vulnerability
authentication
remote access

6.1 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.2%

JSON

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users’ folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.

Related

prion 2
ubuntucve 2
seebug 2
nessus 19
oraclelinux 2
openvas 43
veracode 2
redhat 2
centos 2
fedora 6
cve 1
securityvulns 2
freebsd 1
prion
prion
Design/Logic Flaw
2009-01-21 20:30:00
Design/Logic Flaw
2008-09-24 14:56:00
ubuntucve
ubuntucve
CVE-2009-0030
2009-01-21 00:00:00
CVE-2008-3663
2008-09-24 00:00:00
seebug
seebug
SquirrelMail软件包会话处理绕过认证漏洞
2009-02-19 00:00:00
SquirrelMail不安全COOKE泄漏漏洞
2008-09-25 00:00:00
nessus
nessus
openSUSE 10 Security Update : squirrelmail (squirrelmail-5978)
2009-02-05 00:00:00
Scientific Linux Security Update : squirrelmail on SL3.x, SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 3 / 4 / 5 : squirrelmail (RHSA-2009:0057)
2009-01-20 00:00:00
oraclelinux
oraclelinux
squirrelmail security update
2009-01-20 00:00:00
squirrelmail security update
2009-01-12 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2009-0057)
2015-10-08 00:00:00
RedHat Security Advisory RHSA-2009:0057
2009-01-20 00:00:00
CentOS Update for squirrelmail CESA-2009:0057 centos5 i386
2011-08-09 00:00:00
veracode
veracode
Session Hijacking
2020-04-10 00:29:08
Information Disclosure
2020-04-10 00:36:07
redhat
redhat
(RHSA-2009:0057) Important: squirrelmail security update
2009-01-19 00:00:00
(RHSA-2009:0010) Moderate: squirrelmail security update
2009-01-12 00:00:00
centos
centos
squirrelmail security update
2009-01-19 22:38:06
squirrelmail security update
2009-01-12 15:25:30
fedora
fedora
[SECURITY] Fedora 9 Update: squirrelmail-1.4.16-1.fc9
2008-10-23 16:35:48
[SECURITY] Fedora 8 Update: squirrelmail-1.4.16-1.fc8
2008-10-24 23:48:16
[SECURITY] Fedora 9 Update: squirrelmail-1.4.17-1.fc9
2008-12-07 04:13:16
cve
cve
CVE-2008-3663
2008-09-24 14:56:00
securityvulns
securityvulns
Squirrelmail: Session hijacking vulnerability, CVE-2008-3663
2008-09-24 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2008-09-24 00:00:00
freebsd
freebsd
squirrelmail -- Session hijacking vulnerability
2008-08-12 00:00:00

6.1 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.2%

JSON
Related for CVE-2009-0030
prion2ubuntucve2seebug2nessus19oraclelinux2openvas43veracode2redhat2centos2fedora6cve1securityvulns2freebsd1