[Secure-testing-team] Bug#499942: CVE-2008-3663: Squirrelmail: Session hijacking vulnerability

Stefan Fritsch sf at sfritsch.de
Tue Sep 23 20:54:09 UTC 2008

Previous message: [Secure-testing-team] Bug#499899: fraad2: heap overflow
Next message: [Secure-testing-team] Bug#500087: CVE-2008-4107: The rand and mt_rand functions in PHP produce weak random numbers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Package: squirrelmail
Version: 2:1.4.9a-2
Severity: grave
Tags: security
Justification: user security hole


Squirrelmail does not set the secure flag for its session cookie when accessed
over https. See

http://int21.de/cve/CVE-2008-3663-squirrelmail.html

Previous message: [Secure-testing-team] Bug#499899: fraad2: heap overflow
Next message: [Secure-testing-team] Bug#500087: CVE-2008-4107: The rand and mt_rand functions in PHP produce weak random numbers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Secure-testing-team mailing list