CVE-2009-0030

NONECVSS 0.0

0.0

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.

🔗 References (18)

secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
secalert@redhathttp://secunia.com/advisories/33611
secalert@redhathttp://securitytracker.com/id?1021611
secalert@redhathttp://www.securityfocus.com/bid/33354
secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=480224
secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=480488
secalert@redhathttps://exchange.xforce.ibmcloud.com/vulnerabilities/48115
secalert@redhathttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366
secalert@redhathttps://rhn.redhat.com/errata/RHSA-2009-0057.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33611
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1021611
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33354
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=480224
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=480488

Is Your Infrastructure Affected by CVE-2009-0030?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-0030

📅 Published

🔄 Last Modified

🔗 References (18)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-0030?