Lucene search

K

[email protected]NVD:CVE-2009-0030

HistoryJan 21, 2009 - 8:30 p.m.

CVE-2009-0030

2009-01-2120:30:00

CWE-287

[email protected]

web.nvd.nist.gov

1

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users’ folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.

Affected configurations

NVD

Node

squirrelmailsquirrelmailMatch1.4.8

References

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

secunia.com/advisories/33611

securitytracker.com/id?1021611

www.securityfocus.com/bid/33354

bugzilla.redhat.com/show_bug.cgi?id=480224

bugzilla.redhat.com/show_bug.cgi?id=480488

exchange.xforce.ibmcloud.com/vulnerabilities/48115

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366

rhn.redhat.com/errata/RHSA-2009-0057.html

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

Related for NVD:CVE-2009-0030

seebug2 prion2 ubuntucve2 cve2 nessus19 cvelist2 oraclelinux2 openvas43 fedora6 nvd1 veracode2 securityvulns2 freebsd1 redhat2 centos2