
CVE ID: CVE-2008-3663
Description: Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Test IDs: 1.3.6.1.4.1.25623.1.0.62828 1.3.6.1.4.1.25623.1.0.63445 1.3.6.1.4.1.25623.1.0.63985 1.3.6.1.4.1.25623.1.0.61755 1.3.6.1.4.1.25623.1.0.61655 1.3.6.1.4.1.25623.1.0.62820 1.3.6.1.4.1.25623.1.0.61750 1.3.6.1.4.1.25623.1.0.122526
Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2008-3663
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 31321
http://www.securityfocus.com/bid/31321
Bugtraq: 20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663
http://www.securityfocus.com/archive/1/496601/100/0/threaded
http://int21.de/cve/CVE-2008-3663-squirrelmail.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548
http://secunia.com/advisories/33937
http://securityreason.com/securityalert/4304
SuSE Security Announcement: SUSE-SR:2008:028
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html
SuSE Security Announcement: SUSE-SR:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
XForce ISS Database: squirrelmail-cookie-session-hijacking(45700)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45700




© 1998-2024 E-Soft Inc. All rights reserved.