Lucene search

K
nvd[email protected]NVD:CVE-2009-0030
HistoryJan 21, 2009 - 8:30 p.m.

CVE-2009-0030

2009-01-2120:30:00
CWE-287
web.nvd.nist.gov
7

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.005

Percentile

76.4%

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users’ folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.

Affected configurations

Nvd
Node
squirrelmailsquirrelmailMatch1.4.8
VendorProductVersionCPE
squirrelmailsquirrelmail1.4.8cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.005

Percentile

76.4%