Lucene search

[email protected]NVD:CVE-2009-1580

HistoryMay 14, 2009 - 5:30 p.m.

CVE-2009-1580

2009-05-1417:30:00

CWE-287

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.9%

JSON

Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.

Affected configurations

NVD

Node

squirrelmailsquirrelmailRange≤1.4.17

squirrelmailsquirrelmailMatch0.1

squirrelmailsquirrelmailMatch0.1.1

squirrelmailsquirrelmailMatch0.1.2

squirrelmailsquirrelmailMatch0.2

squirrelmailsquirrelmailMatch0.2.1

squirrelmailsquirrelmailMatch0.3

squirrelmailsquirrelmailMatch0.3.1

squirrelmailsquirrelmailMatch0.3pre1

squirrelmailsquirrelmailMatch0.3pre2

squirrelmailsquirrelmailMatch0.4

squirrelmailsquirrelmailMatch0.4pre1

squirrelmailsquirrelmailMatch0.4pre2

squirrelmailsquirrelmailMatch0.5

squirrelmailsquirrelmailMatch0.5pre1

squirrelmailsquirrelmailMatch0.5pre2

squirrelmailsquirrelmailMatch1.0

squirrelmailsquirrelmailMatch1.0.1

squirrelmailsquirrelmailMatch1.0.2

squirrelmailsquirrelmailMatch1.0.3

squirrelmailsquirrelmailMatch1.0.4

squirrelmailsquirrelmailMatch1.0.5

squirrelmailsquirrelmailMatch1.0.6

squirrelmailsquirrelmailMatch1.0pre1

squirrelmailsquirrelmailMatch1.0pre2

squirrelmailsquirrelmailMatch1.0pre3

squirrelmailsquirrelmailMatch1.1.0

squirrelmailsquirrelmailMatch1.1.2

squirrelmailsquirrelmailMatch1.1.3

squirrelmailsquirrelmailMatch1.2

squirrelmailsquirrelmailMatch1.2.0

squirrelmailsquirrelmailMatch1.2.0rc3

squirrelmailsquirrelmailMatch1.2.1

squirrelmailsquirrelmailMatch1.2.2

squirrelmailsquirrelmailMatch1.2.3

squirrelmailsquirrelmailMatch1.2.4

squirrelmailsquirrelmailMatch1.2.5

squirrelmailsquirrelmailMatch1.2.6

squirrelmailsquirrelmailMatch1.2.7

squirrelmailsquirrelmailMatch1.2.8

squirrelmailsquirrelmailMatch1.2.9

squirrelmailsquirrelmailMatch1.2.10

squirrelmailsquirrelmailMatch1.2.11

squirrelmailsquirrelmailMatch1.3.0

squirrelmailsquirrelmailMatch1.4

squirrelmailsquirrelmailMatch1.4rc1

squirrelmailsquirrelmailMatch1.4.0

squirrelmailsquirrelmailMatch1.4.0rc1

squirrelmailsquirrelmailMatch1.4.0rc2a

squirrelmailsquirrelmailMatch1.4.1

squirrelmailsquirrelmailMatch1.4.2

squirrelmailsquirrelmailMatch1.4.3

squirrelmailsquirrelmailMatch1.4.3r3

squirrelmailsquirrelmailMatch1.4.3rc1

squirrelmailsquirrelmailMatch1.4.3a

squirrelmailsquirrelmailMatch1.4.3aa

squirrelmailsquirrelmailMatch1.4.4

squirrelmailsquirrelmailMatch1.4.4rc1

squirrelmailsquirrelmailMatch1.4.5

squirrelmailsquirrelmailMatch1.4.6

squirrelmailsquirrelmailMatch1.4.6rc1

squirrelmailsquirrelmailMatch1.4.7

squirrelmailsquirrelmailMatch1.4.8.4fc6

squirrelmailsquirrelmailMatch1.4.9

squirrelmailsquirrelmailMatch1.4.9a

squirrelmailsquirrelmailMatch1.4.10a

squirrelmailsquirrelmailMatch1.4.11

squirrelmailsquirrelmailMatch1.4.12

squirrelmailsquirrelmailMatch1.4.15

squirrelmailsquirrelmailMatch1.4.15rc1

squirrelmailsquirrelmailMatch1.4.16

squirrelmailsquirrelmailMatch1.44

References

lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

secunia.com/advisories/35052

secunia.com/advisories/35073

secunia.com/advisories/35140

secunia.com/advisories/40220

squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog

squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676

support.apple.com/kb/HT4188

www.debian.org/security/2009/dsa-1802

www.mandriva.com/security/advisories?name=MDVSA-2009:110

www.securityfocus.com/bid/34916

www.squirrelmail.org/security/issue/2009-05-11

www.vupen.com/english/advisories/2009/1296

www.vupen.com/english/advisories/2010/1481

bugzilla.redhat.com/show_bug.cgi?id=500358

exchange.xforce.ibmcloud.com/vulnerabilities/50462

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107

www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for NVD:CVE-2009-1580

ubuntucve1 prion1 cve1 cvelist1 nessus13 centos1 redhat1 oraclelinux1 openvas24 fedora6 debian2 securityvulns2 osv2 gentoo1