Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:23784
HistoryApr 10, 2020 - 12:36 a.m.

Information Disclosure

2020-04-1000:36:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

squirrelmail is vulnerable to information disclosure. It was discovered that SquirrelMail allowed cookies over insecure connections (ie did not restrict cookies to HTTPS connections). An attacker who controlled the communication channel between a user and the SquirrelMail server, or who was able to sniff the user’s network communication, could use this flaw to obtain the user’s session cookie, if a user made an HTTP request to the server.

References

Related

fedora 6
nessus 14
openvas 33
securityvulns 2
freebsd 1
seebug 2
prion 2
cve 2
redhat 1
oraclelinux 2
centos 1
ubuntucve 2
fedora
fedora
[SECURITY] Fedora 9 Update: squirrelmail-1.4.16-1.fc9
2008-10-23 16:35:48
[SECURITY] Fedora 9 Update: squirrelmail-1.4.17-1.fc9
2008-12-07 04:13:16
[SECURITY] Fedora 8 Update: squirrelmail-1.4.16-1.fc8
2008-10-24 23:48:16
nessus
nessus
FreeBSD : squirrelmail -- Session hijacking vulnerability (a0afb4b9-89a1-11dd-a65b-00163e000016)
2008-09-24 00:00:00
Fedora 9 : squirrelmail-1.4.16-1.fc9 (2008-8559)
2008-10-24 00:00:00
openSUSE 10 Security Update : squirrelmail (squirrelmail-5778)
2008-11-18 00:00:00
openvas
openvas
Fedora Update for squirrelmail FEDORA-2008-8559
2009-02-17 00:00:00
Fedora Update for squirrelmail FEDORA-2008-8559
2009-02-17 00:00:00
FreeBSD Ports: squirrelmail
2008-09-24 00:00:00
securityvulns
securityvulns
Squirrelmail: Session hijacking vulnerability, CVE-2008-3663
2008-09-24 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2008-09-24 00:00:00
freebsd
freebsd
squirrelmail -- Session hijacking vulnerability
2008-08-12 00:00:00
seebug
seebug
SquirrelMail不安全COOKE泄漏漏洞
2008-09-25 00:00:00
SquirrelMail软件包会话处理绕过认证漏洞
2009-02-19 00:00:00
prion
prion
Design/Logic Flaw
2008-09-24 14:56:00
Design/Logic Flaw
2009-01-21 20:30:00
cve
cve
CVE-2008-3663
2008-09-24 14:56:00
CVE-2009-0030
2009-01-21 20:30:00
redhat
redhat
(RHSA-2009:0010) Moderate: squirrelmail security update
2009-01-12 00:00:00
oraclelinux
oraclelinux
squirrelmail security update
2009-01-12 00:00:00
squirrelmail security update
2009-01-20 00:00:00
centos
centos
squirrelmail security update
2009-01-12 15:25:30
ubuntucve
ubuntucve
CVE-2008-3663
2008-09-24 00:00:00
CVE-2009-0030
2009-01-21 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON
Related for VERACODE:23784
fedora6nessus14openvas33securityvulns2freebsd1seebug2prion2cve2redhat1oraclelinux2centos1ubuntucve2