Session Hijacking

2020-04-1000:29:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

squirrelmail is vulnerable to session hijacking. The vulnerability exists as the Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory introduced a session handling flaw. Users who logged back into SquirrelMail without restarting their web browsers were assigned fixed session identifiers. A remote attacker could make use of that flaw to hijack user sessions.

CPENameOperatorVersion
squirrelmaileq1.4.8__4.0.1.el4
squirrelmaileq1.4.8__4.el4
squirrelmaileq1.4.8__2.el3
squirrelmaileq1.4.6__5.el4
squirrelmaileq1.4.6__5.el3
squirrelmaileq1.4.6__7.el3
squirrelmaileq1.4.8__4.el5
squirrelmaileq1.4.8__2.el4
squirrelmaileq1.4.6__7.el4
squirrelmaileq1.4.8__6.el3

Name	Operator	Version
squirrelmail	eq	1.4.8__4.0.1.el4
squirrelmail	eq	1.4.8__4.el4
squirrelmail	eq	1.4.8__2.el3
squirrelmail	eq	1.4.6__5.el4
squirrelmail	eq	1.4.6__5.el3
squirrelmail	eq	1.4.6__7.el3
squirrelmail	eq	1.4.8__4.el5
squirrelmail	eq	1.4.8__2.el4
squirrelmail	eq	1.4.6__7.el4
squirrelmail	eq	1.4.8__6.el3