REDHAT-BUG-464183
First published: Fri Sep 26 2008(Updated: )
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. Reference: BUGTRAQ:20080922 Squirrelmail: Session hijacking vulnerability, <a href="https://access.redhat.com/security/cve/CVE-2008-3663">CVE-2008-3663</a> Reference: URL:<a href="http://www.securityfocus.com/archive/1/archive/1/496601/100/0/threaded">http://www.securityfocus.com/archive/1/archive/1/496601/100/0/threaded</a> Reference: MISC:<a href="http://int21.de/cve/CVE-2008-3663-squirrelmail.html">http://int21.de/cve/CVE-2008-3663-squirrelmail.html</a> Reference: BID:31321 Reference: URL:<a href="http://www.securityfocus.com/bid/31321">http://www.securityfocus.com/bid/31321</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SquirrelMail |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2008-3663
- http://www.securityfocus.com/archive/1/archive/1/496601/100/0/threaded
- http://int21.de/cve/CVE-2008-3663-squirrelmail.html
- http://www.securityfocus.com/bid/31321
- http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13290
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=321469&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=321469&action=edit
- http://www.squirrelmail.org/security/issue/2008-09-28
- http://rhn.redhat.com/errata/RHSA-2009-0010.html
- https://admin.fedoraproject.org/updates/F9/FEDORA-2008-8559
- https://bugzilla.redhat.com/show_bug.cgi?id=464183
Frequently Asked Questions
What is the severity of REDHAT-BUG-464183?
The severity of REDHAT-BUG-464183 is considered high due to the potential for session hijacking.
How do I fix REDHAT-BUG-464183?
To fix REDHAT-BUG-464183, upgrade SquirrelMail to a version that sets the secure flag on session cookies.
What is the impact of REDHAT-BUG-464183?
The impact of REDHAT-BUG-464183 is that it allows remote attackers to capture session cookies, leading to possible session hijacking.
Which version of SquirrelMail is affected by REDHAT-BUG-464183?
SquirrelMail version 1.4.15 is affected by REDHAT-BUG-464183.
Can REDHAT-BUG-464183 be exploited remotely?
Yes, REDHAT-BUG-464183 can be exploited remotely, allowing attackers to intercept session cookies.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-3663
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/squirrelmail
- canonical/squirrelmail