Lumension® Endpoint Intelligence Center

Vulnerability Score: 6.5
CVE Id: CVE-2009-0030
Last Modified: 21 Aug 2010 01:29:35
Published: 21 Jan 2009 03:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE



A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.

Vulnerable Systems


  • Squirrelmail 1.4.8


REDHAT - RHSA-2009:0057



XF - squirrelmail-sessionid-session-hijacking(48115)

BID - 33354

SECTRACK - 1021611

SECUNIA - 33611

SUSE - SUSE-SR:2009:004

Related Patches

Red Hat 2009:0057-03 RHSA Important: squirrelmail security update for RHEL 5 x86

Novell SUSE 2009:6563 firefox35upgrade security update for SLE 10 SP3 i586

Last Updated: 27 May 2016 10:49:33