Lucene search
HistoryJan 18, 2011 - 6:03 p.m.
CVE-2009-5051
cve-2009-5051
hastymail2
rc 8
session cookie
secure flag
https
remote attackers
intercepting transmission
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.8%
Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Affected configurations
Node
hastymailhastymail2beta1
ORhastymailhastymail2beta2
ORhastymailhastymail2beta3
ORhastymailhastymail2rc1
ORhastymailhastymail2rc2
ORhastymailhastymail2rc3
ORhastymailhastymail2rc4
ORhastymailhastymail2rc5
ORhastymailhastymail2rc6
ORhastymailhastymail2rc7
| CPE | Name | Operator | Version |
|---|---|---|---|
| hastymail:hastymail2 | hastymail hastymail2 | eq | * |
Related
prion
prion
Session fixation
2011-01-18 18:03:00
cvelist
cvelist
CVE-2009-5051
2011-01-18 17:00:00
openvas
openvas
Hastymail2 < RC8 Security Bypass Vulnerability
2011-01-21 00:00:00
Hastymail2 Session Cookie Security Bypass Vulnerability
2011-01-21 00:00:00
nvd
nvd
CVE-2009-5051
2011-01-18 18:03:06
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.8%
Related for CVE-2009-5051