Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-0030
HistoryJan 21, 2009 - 12:00 a.m.

CVE-2009-0030

2009-01-2100:00:00
ubuntu.com
ubuntu.com
15

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.005

Percentile

76.4%

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID
cookie value for all sessions, which allows remote authenticated users to
access other users’ folder lists and configuration data in opportunistic
circumstances by using the standard webmail.php interface. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2008-3663.

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.005

Percentile

76.4%