Published: 21/01/2009 Updated: 07/11/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.

Vulnerable Product	Search on Vulmon	Subscribe to Product
squirrelmail squirrelmail 1.4.8

Synopsis Important: squirrelmail security update Type/Severity Security Advisory: Important Topic An updated squirrelmail package that fixes a security issue is nowavailable for Red Hat Enterprise Linux 3, 4 and 5This update has been rated as having important security impact by the RedHat Security Response ...

CWE-287 http://securitytracker.com/id?1021611 https://rhn.redhat.com/errata/RHSA-2009-0057.html https://bugzilla.redhat.com/show_bug.cgi?id=480488 https://bugzilla.redhat.com/show_bug.cgi?id=480224 http://www.securityfocus.com/bid/33354 http://secunia.com/advisories/33611 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html https://exchange.xforce.ibmcloud.com/vulnerabilities/48115 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366 https://access.redhat.com/errata/RHSA-2009:0057 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-0030

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect