First published: Tue May 12 2009
From SquirrelMail vulnerability report: An issue was fixed that allowed an attacker to possibly steal user data by hijacking the SquirrelMail login session.
Credits: Tomas Hoger
Patch: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676
Affected Software | Affected Version | How to fix |
---|---|---|
SquirrelMail | | |
The severity of REDHAT-BUG-500358 is considered critical due to the potential for user data theft through session hijacking.
To fix REDHAT-BUG-500358, update your SquirrelMail installation to the latest version that includes the security patch.
REDHAT-BUG-500358 affects various versions of SquirrelMail prior to the patch release, particularly version 1.4.18 and earlier.
Yes, if exploited, REDHAT-BUG-500358 can lead to data breaches by allowing attackers to hijack user sessions.
The vulnerability in REDHAT-BUG-500358 was reported by Tomas Hoger.