Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:4093
HistorySep 25, 2008 - 12:00 a.m.

SquirrelMail不安全COOKE泄漏漏洞

2008-09-2500:00:00
Root
www.seebug.org
20

0.005 Low

EPSS

Percentile

75.5%

JSON

BUGTRAQ ID: 31321
CVE ID:CVE-2008-3663
CNCVE ID:CNCVE-20083663

SquirrelMail是一款基于PHP的WEB邮件服务程序。
SquirrelMail不安全处理COOKIE数据,远程攻击者可以利用漏洞获得敏感信息,窃取COOKIE验证敏感条文,进行会话劫持攻击。
当配置WEB应用程序只使用SSL时(如转向所有HTTP请求到HTTPS),用户可以不能通过嗅探来进行截获。
要因此变的更安全,需要设置会话COOKIE标有安全标记,否则如果目标用户浏览器在同一域上只进行单个HTTP请求,COOKIE会通过HTTP传送。
Squirrelmail没有设置此标记,可导致通过HTTP传送的COOKIE被嗅探到。

SquirrelMail 1.4.15
根据报告Squirrelmail 1.5 test版本已经修正此漏洞:
<a href=“http://www.squirrelmail.org/” target=“_blank”>http://www.squirrelmail.org/</a>

Related

openvas 33
securityvulns 2
veracode 1
freebsd 1
nessus 14
nvd 2
fedora 6
cvelist 2
cve 2
prion 2
ubuntucve 2
centos 1
seebug 1
oraclelinux 2
redhat 1
openvas
openvas
FreeBSD Ports: squirrelmail
2008-09-24 00:00:00
Mandrake Security Advisory MDVSA-2009:053 (squirrelmail)
2009-03-02 00:00:00
FreeBSD Ports: squirrelmail
2008-09-24 00:00:00
securityvulns
securityvulns
Squirrelmail: Session hijacking vulnerability, CVE-2008-3663
2008-09-24 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2008-09-24 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:36:07
freebsd
freebsd
squirrelmail -- Session hijacking vulnerability
2008-08-12 00:00:00
nessus
nessus
openSUSE 10 Security Update : squirrelmail (squirrelmail-5778)
2008-11-18 00:00:00
openSUSE 10 Security Update : squirrelmail (squirrelmail-5792)
2008-11-21 00:00:00
FreeBSD : squirrelmail -- Session hijacking vulnerability (a0afb4b9-89a1-11dd-a65b-00163e000016)
2008-09-24 00:00:00
nvd
nvd
CVE-2008-3663
2008-09-24 14:56:52
CVE-2009-0030
2009-01-21 20:30:00
fedora
fedora
[SECURITY] Fedora 9 Update: squirrelmail-1.4.16-1.fc9
2008-10-23 16:35:48
[SECURITY] Fedora 8 Update: squirrelmail-1.4.16-1.fc8
2008-10-24 23:48:16
[SECURITY] Fedora 9 Update: squirrelmail-1.4.17-1.fc9
2008-12-07 04:13:16
cvelist
cvelist
CVE-2008-3663
2008-09-24 14:00:00
CVE-2009-0030
2009-01-21 20:00:00
cve
cve
CVE-2008-3663
2008-09-24 14:56:52
CVE-2009-0030
2009-01-21 20:30:00
prion
prion
Design/Logic Flaw
2008-09-24 14:56:00
Design/Logic Flaw
2009-01-21 20:30:00
ubuntucve
ubuntucve
CVE-2008-3663
2008-09-24 00:00:00
CVE-2009-0030
2009-01-21 00:00:00
centos
centos
squirrelmail security update
2009-01-12 15:25:30
seebug
seebug
SquirrelMail软件包会话处理绕过认证漏洞
2009-02-19 00:00:00
oraclelinux
oraclelinux
squirrelmail security update
2009-01-12 00:00:00
squirrelmail security update
2009-01-20 00:00:00
redhat
redhat
(RHSA-2009:0010) Moderate: squirrelmail security update
2009-01-12 00:00:00

0.005 Low

EPSS

Percentile

75.5%

JSON
Related for SSV:4093
openvas33securityvulns2veracode1freebsd1nessus14nvd2fedora6cvelist2cve2prion2ubuntucve2centos1seebug1oraclelinux2redhat1