CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
75.5%
Hanno Boeck reports:
When configuring a web application to use only ssl (e.g. by
forwarding all http-requests to https), a user would expect that
sniffing and hijacking the session is impossible.
Though, for this to be secure, one needs to set the session
cookie to have the secure flag. Otherwise the cookie will be
transferred through HTTP if the victim’s browser does a single
HTTP request on the same domain.
Squirrelmail does not set that flag. It is fixed in the 1.5
test versions, but current 1.4.15 is vulnerable.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | squirrelmail | <= 1.4.15_1 | UNKNOWN |