CVE-2009-0030

2009-01-2100:00:00

ubuntu.com

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.2%

JSON

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID
cookie value for all sessions, which allows remote authenticated users to
access other users’ folder lists and configuration data in opportunistic
circumstances by using the standard webmail.php interface. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2008-3663.