Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2008-3663
Last Modified 21 Aug 2010 01:23:02
Published 24 Sep 2008 10:56:52
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3663

Summary

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Vulnerable Systems

Application

  • Squirrelmail 1.4.15


References

XF - squirrelmail-cookie-session-hijacking(45700)

BID - 31321

BUGTRAQ - 20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663

CONFIRM - http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html

CONFIRM - http://support.apple.com/kb/HT3438

SREASON - 4304

SECUNIA - 33937

SUSE - SUSE-SR:2009:004

SUSE - SUSE-SR:2008:028

APPLE - APPLE-SA-2009-02-12

MISC - http://int21.de/cve/CVE-2008-3663-squirrelmail.html

Related Patches

Apple 2009-02-12 Security Update 2009-001 Server (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 Server (Tiger Intel)

Red Hat 2009:0010-06 RHSA Moderate: squirrelmail security update for RHEL 5 x86


Last Updated: 27 May 2016 10:48:16