Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:4796
HistoryFeb 19, 2009 - 12:00 a.m.

SquirrelMail软件包会话处理绕过认证漏洞

2009-02-1900:00:00
Root
www.seebug.org
24

0.005 Low

EPSS

Percentile

73.7%

JSON

BUGTRAQ ID: 33354
CVE(CAN) ID: CVE-2009-0030

SquirrelMail是一款PHP编写的WEBMAIL程序。

Red Hat为CVE-2008-3663所提供的修复导致SquirrelMail对所有的会话都设置了相同的SQMSESSID Cookie值,这允许通过认证的远程用户通过使用标准的webmail.php接口访问其他用户的文件夹列表和配置数据。

SquirrelMail 1.4.8
厂商补丁:

RedHat

RedHat已经为此发布了一个安全公告(RHSA-2009:0057-01)以及相应补丁:
RHSA-2009:0057-01:Important: squirrelmail security update
链接:<a href=“https://www.redhat.com/support/errata/RHSA-2009-0057.html” target=“_blank”>https://www.redhat.com/support/errata/RHSA-2009-0057.html</a>

Related

nessus 19
ubuntucve 2
prion 2
cve 2
openvas 43
oraclelinux 2
veracode 2
fedora 6
securityvulns 2
freebsd 1
seebug 1
redhat 2
centos 2
nessus
nessus
openSUSE 10 Security Update : squirrelmail (squirrelmail-5978)
2009-02-05 00:00:00
Fedora 9 : squirrelmail-1.4.16-1.fc9 (2008-8559)
2008-10-24 00:00:00
FreeBSD : squirrelmail -- Session hijacking vulnerability (a0afb4b9-89a1-11dd-a65b-00163e000016)
2008-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2008-3663
2008-09-24 00:00:00
CVE-2009-0030
2009-01-21 00:00:00
prion
prion
Design/Logic Flaw
2009-01-21 20:30:00
Design/Logic Flaw
2008-09-24 14:56:00
cve
cve
CVE-2009-0030
2009-01-21 20:30:00
CVE-2008-3663
2008-09-24 14:56:00
openvas
openvas
Oracle: Security Advisory (ELSA-2009-0057)
2015-10-08 00:00:00
CentOS Security Advisory CESA-2009:0057 (squirrelmail)
2009-01-20 00:00:00
CentOS Update for squirrelmail CESA-2009:0057 centos4 i386
2011-08-09 00:00:00
oraclelinux
oraclelinux
squirrelmail security update
2009-01-20 00:00:00
squirrelmail security update
2009-01-12 00:00:00
veracode
veracode
Session Hijacking
2020-04-10 00:29:08
Information Disclosure
2020-04-10 00:36:07
fedora
fedora
[SECURITY] Fedora 9 Update: squirrelmail-1.4.16-1.fc9
2008-10-23 16:35:48
[SECURITY] Fedora 9 Update: squirrelmail-1.4.17-1.fc9
2008-12-07 04:13:16
[SECURITY] Fedora 8 Update: squirrelmail-1.4.16-1.fc8
2008-10-24 23:48:16
securityvulns
securityvulns
Squirrelmail: Session hijacking vulnerability, CVE-2008-3663
2008-09-24 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2008-09-24 00:00:00
freebsd
freebsd
squirrelmail -- Session hijacking vulnerability
2008-08-12 00:00:00
seebug
seebug
SquirrelMail不安全COOKE泄漏漏洞
2008-09-25 00:00:00
redhat
redhat
(RHSA-2009:0057) Important: squirrelmail security update
2009-01-19 00:00:00
(RHSA-2009:0010) Moderate: squirrelmail security update
2009-01-12 00:00:00
centos
centos
squirrelmail security update
2009-01-19 22:38:06
squirrelmail security update
2009-01-12 15:25:30

0.005 Low

EPSS

Percentile

73.7%

JSON
Related for SSV:4796
nessus19ubuntucve2prion2cve2openvas43oraclelinux2veracode2fedora6securityvulns2freebsd1seebug1redhat2centos2