Lucene search

K
freebsdFreeBSDA0AFB4B9-89A1-11DD-A65B-00163E000016
HistoryAug 12, 2008 - 12:00 a.m.

squirrelmail -- Session hijacking vulnerability

2008-08-1200:00:00
vuxml.freebsd.org
18

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.005

Percentile

75.5%

Hanno Boeck reports:

When configuring a web application to use only ssl (e.g. by
forwarding all http-requests to https), a user would expect that
sniffing and hijacking the session is impossible.
Though, for this to be secure, one needs to set the session
cookie to have the secure flag. Otherwise the cookie will be
transferred through HTTP if the victim’s browser does a single
HTTP request on the same domain.
Squirrelmail does not set that flag. It is fixed in the 1.5
test versions, but current 1.4.15 is vulnerable.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchsquirrelmail<= 1.4.15_1UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.005

Percentile

75.5%