5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.1%
Hanno Boeck reports:
When configuring a web application to use only ssl (e.g. by
forwarding all http-requests to https), a user would expect that
sniffing and hijacking the session is impossible.
Though, for this to be secure, one needs to set the session
cookie to have the secure flag. Otherwise the cookie will be
transferred through HTTP if the victim’s browser does a single
HTTP request on the same domain.
Squirrelmail does not set that flag. It is fixed in the 1.5
test versions, but current 1.4.15 is vulnerable.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | squirrelmail | <= 1.4.15_1 | UNKNOWN |