A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2009-01-21T20:00:00
Updated: 2024-08-07T04:17:10.225Z
Reserved: 2008-12-15T00:00:00
Link: CVE-2009-0030
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-01-21T20:30:00.407
Modified: 2024-11-21T00:58:54.437
Link: CVE-2009-0030
Redhat