Lucene search

K

RedhatCVELIST:CVE-2009-0030

HistoryJan 21, 2009 - 8:00 p.m.

CVE-2009-0030

2009-01-2120:00:00

redhat

www.cve.org

2

7.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users’ folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.

References

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

secunia.com/advisories/33611

securitytracker.com/id?1021611

www.securityfocus.com/bid/33354

bugzilla.redhat.com/show_bug.cgi?id=480224

bugzilla.redhat.com/show_bug.cgi?id=480488

exchange.xforce.ibmcloud.com/vulnerabilities/48115

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366

rhn.redhat.com/errata/RHSA-2009-0057.html

7.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

Related for CVELIST:CVE-2009-0030

nessus19 ubuntucve2 prion2 seebug2 cve2 nvd2 openvas43 oraclelinux2 fedora6 cvelist1 veracode2 securityvulns2 freebsd1 redhat2 centos2