CVE-2009-5051
Hastymail2 pre-RC8 is vulnerable: in HTTPS sessions the session cookie is not marked Secure, enabling potential interception of the cookie in transit. The OpenVAS entries describe a session-cookie security bypass; no concrete exploit details or patch/version fixes are provided in the supplied doc...