SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2009-1580

Date: (C)2009-05-14 (M)2024-02-09

Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE

Reference:

APPLE-SA-2010-06-15-1

FEDORA-2009-4870

FEDORA-2009-4875

FEDORA-2009-4880

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676

http://support.apple.com/kb/HT4188

http://www.squirrelmail.org/security/issue/2009-05-11

https://bugzilla.redhat.com/show_bug.cgi?id=500358

oval:org.mitre.oval:def:10107

squirrelmail-baseuri-session-hijacking(50462)

cpe:/a:squirrelmail:squirrelmail

oval:org.secpod.oval:def:600347
oval:org.secpod.oval:def:102361
oval:org.secpod.oval:def:101738
oval:org.secpod.oval:def:101536
...

© SecPod Technologies