Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2009-1580

Published: 14/05/2009 Updated: 29/09/2017
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Subscribe to Squirrelmail

Vulnerability Summary

Session fixation vulnerability in SquirrelMail prior to 1.4.18 allows remote malicious users to hijack web sessions via a crafted cookie.

Vulnerable Product Search on Vulmon Subscribe to Product

squirrelmail squirrelmail 0.3

squirrelmail squirrelmail 0.3.1

squirrelmail squirrelmail 1.0.4

squirrelmail squirrelmail 1.0.5

squirrelmail squirrelmail 1.2.0

squirrelmail squirrelmail 1.2.1

squirrelmail squirrelmail 1.2.7

squirrelmail squirrelmail 1.2.8

squirrelmail squirrelmail 1.4.1

squirrelmail squirrelmail 1.4.10a

squirrelmail squirrelmail 1.4.2

squirrelmail squirrelmail 1.4.3

squirrelmail squirrelmail 1.4.6

squirrelmail squirrelmail 1.0pre3

squirrelmail squirrelmail 1.0pre2

squirrelmail squirrelmail 0.3pre2

squirrelmail squirrelmail 0.4

squirrelmail squirrelmail 0.5

squirrelmail squirrelmail 1.0.6

squirrelmail squirrelmail 1.1.0

squirrelmail squirrelmail 1.2.10

squirrelmail squirrelmail 1.2.11

squirrelmail squirrelmail 1.2.9

squirrelmail squirrelmail 1.3.0

squirrelmail squirrelmail 1.4.11

squirrelmail squirrelmail 1.4.12

squirrelmail squirrelmail 1.4.7

squirrelmail squirrelmail 1.4.8.4fc6

squirrelmail squirrelmail 1.0pre1

squirrelmail squirrelmail 0.5pre2

squirrelmail squirrelmail 0.1

squirrelmail squirrelmail 0.1.1

squirrelmail squirrelmail 1.0

squirrelmail squirrelmail 1.0.1

squirrelmail squirrelmail 1.1.2

squirrelmail squirrelmail 1.1.3

squirrelmail squirrelmail 1.2.2

squirrelmail squirrelmail 1.2.3

squirrelmail squirrelmail 1.4

squirrelmail squirrelmail 1.4.0

squirrelmail squirrelmail 1.4.15

squirrelmail squirrelmail 1.4.3a

squirrelmail squirrelmail 1.4.3aa

squirrelmail squirrelmail 1.4.4

squirrelmail squirrelmail 1.4.9

squirrelmail squirrelmail 1.4.9a

squirrelmail squirrelmail 0.5pre1

squirrelmail squirrelmail 0.4pre2

squirrelmail squirrelmail 0.1.2

squirrelmail squirrelmail 0.2

squirrelmail squirrelmail 0.2.1

squirrelmail squirrelmail 1.0.2

squirrelmail squirrelmail 1.0.3

squirrelmail squirrelmail 1.2

squirrelmail squirrelmail 1.2.4

squirrelmail squirrelmail 1.2.5

squirrelmail squirrelmail 1.2.6

squirrelmail squirrelmail 1.4.16

squirrelmail squirrelmail

squirrelmail squirrelmail 1.4.5

squirrelmail squirrelmail 1.44

squirrelmail squirrelmail 0.4pre1

squirrelmail squirrelmail 0.3pre1

Vendor Advisories

Red Hat: Important: squirrelmail security update
Synopsis Important: squirrelmail security update Type/Severity Security Advisory: Important Topic An updated squirrelmail package that fixes a security issue is nowavailable for Red Hat Enterprise Linux 3, 4 and 5This update has been rated as having important security impact by the RedHat Security Response ...
Debian CVElist Bug Report Logs: [squirrelmail] Please bring latest security-fix release 1.4.18
Debian Bug report logs - #528528 [squirrelmail] Please bring latest security-fix release 1418 Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar <jeroen@wolffelaarnl>; Source for squirrelmail is src:squirrelmail (PTS, buildd, popcon) Reported by: Philippe Teuwen <phil@teuwenorg> Date: Wed ...
Debian Security Advisories: DSA-1802-2 squirrelmail -- several vulnerabilities
Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1578 Cross site scripting was possible through a number of pages which allowed an attacker to steal sensitive session data CVE-2009-1579, CVE-2009-1381 ...

References

CWE-287http://secunia.com/advisories/35073https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.htmlhttp://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676http://secunia.com/advisories/35052http://www.securityfocus.com/bid/34916http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLoghttp://www.squirrelmail.org/security/issue/2009-05-11https://bugzilla.redhat.com/show_bug.cgi?id=500358http://www.mandriva.com/security/advisories?name=MDVSA-2009:110https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.htmlhttp://www.vupen.com/english/advisories/2009/1296http://www.debian.org/security/2009/dsa-1802http://secunia.com/advisories/35140https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.htmlhttp://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlhttp://www.vupen.com/english/advisories/2010/1481http://support.apple.com/kb/HT4188http://secunia.com/advisories/40220https://exchange.xforce.ibmcloud.com/vulnerabilities/50462https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107https://access.redhat.com/errata/RHSA-2009:0057https://nvd.nist.govhttps://www.debian.org/security/./dsa-1802
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook