Lucene search
Ubuntu.comUB:CVE-2008-3663HistorySep 24, 2008 - 12:00 a.m.
CVE-2008-3663
2008-09-2400:00:00
ubuntu.com
ubuntu.com
9
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.3%
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in
an https session, which can cause the cookie to be sent in http requests
and make it easier for remote attackers to capture this cookie.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | be sure not to introduce CVE-2009-0030 when fixing this |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 6.06 | noarch | squirrelmail | < 2:1.4.6-1ubuntu0.2 | UNKNOWN |
| ubuntu | 7.10 | noarch | squirrelmail | < 2:1.4.10a-2ubuntu0.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | squirrelmail | < 2:1.4.13-2ubuntu1.2 | UNKNOWN |
Related
cve
cve
CVE-2009-0030
2009-01-21 20:30:00
CVE-2008-3663
2008-09-24 14:56:00
prion
prion
Design/Logic Flaw
2009-01-21 20:30:00
Design/Logic Flaw
2008-09-24 14:56:00
ubuntucve
ubuntucve
CVE-2009-0030
2009-01-21 00:00:00
nessus
nessus
seebug
seebug
SquirrelMail软件包会话处理绕过认证漏洞
2009-02-19 00:00:00
SquirrelMail不安全COOKE泄漏漏洞
2008-09-25 00:00:00
oraclelinux
oraclelinux
squirrelmail security update
2009-01-20 00:00:00
squirrelmail security update
2009-01-12 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2009-0057)
2015-10-08 00:00:00
CentOS Security Advisory CESA-2009:0057 (squirrelmail)
2009-01-20 00:00:00
RedHat Security Advisory RHSA-2009:0057
2009-01-20 00:00:00
veracode
veracode
Session Hijacking
2020-04-10 00:29:08
Information Disclosure
2020-04-10 00:36:07
fedora
fedora
[SECURITY] Fedora 9 Update: squirrelmail-1.4.16-1.fc9
2008-10-23 16:35:48
[SECURITY] Fedora 8 Update: squirrelmail-1.4.16-1.fc8
2008-10-24 23:48:16
[SECURITY] Fedora 9 Update: squirrelmail-1.4.17-1.fc9
2008-12-07 04:13:16
securityvulns
securityvulns
Squirrelmail: Session hijacking vulnerability, CVE-2008-3663
2008-09-24 00:00:00
freebsd
freebsd
squirrelmail -- Session hijacking vulnerability
2008-08-12 00:00:00
centos
centos
squirrelmail security update
2009-01-19 22:38:06
squirrelmail security update
2009-01-12 15:25:30
redhat
redhat
(RHSA-2009:0057) Important: squirrelmail security update
2009-01-19 00:00:00
(RHSA-2009:0010) Moderate: squirrelmail security update
2009-01-12 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.3%
Related for UB:CVE-2008-3663