exploitDog

CVE-2008-3663

Опубликовано: 24 сент. 2008

Источник: ubuntu

Приоритет: low

CVSS2: 5

Описание

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Релиз	Статус	Примечание
dapper	released	2:1.4.6-1ubuntu0.2
devel	not-affected
feisty	ignored	end of life, was needed
gutsy	released	2:1.4.10a-2ubuntu0.1
hardy	released	2:1.4.13-2ubuntu1.2
intrepid	not-affected	2:1.4.15-3
upstream	released	2:1.4.15-3

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2008-3663

5 Medium

CVSS2

Связанные уязвимости

CVE-2008-3663

redhat

почти 17 лет назад

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVE-2008-3663

nvd

больше 16 лет назад

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVE-2008-3663

debian

больше 16 лет назад

Squirrelmail 1.4.15 does not set the secure flag for the session cooki ...

GHSA-v6vw-6gwh-pprh

github

около 3 лет назад

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

ELSA-2009-0010

oracle-oval

больше 16 лет назад

ELSA-2009-0010: squirrelmail security update (MODERATE)

5 Medium

CVSS2