CVE-2008-3663
Published: 24 September 2008
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Notes
Author | Note |
---|---|
jdstrand | be sure not to introduce CVE-2009-0030 when fixing this |
Priority
Status
Package | Release | Status |
---|---|---|
squirrelmail Launchpad, Ubuntu, Debian |
dapper |
Released
(2:1.4.6-1ubuntu0.2)
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(2:1.4.10a-2ubuntu0.1)
|
|
hardy |
Released
(2:1.4.13-2ubuntu1.2)
|
|
intrepid |
Not vulnerable
(2:1.4.15-3)
|
|
upstream |
Released
(2:1.4.15-3)
|