A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2009-01-21T20:00:00
Updated: 2017-09-28T12:57:01
Reserved: 2008-12-15T00:00:00
Link: CVE-2009-0030
JSON object: View
NVD Information
Status : Modified
Published: 2009-01-21T20:30:00.407
Modified: 2023-11-07T02:03:31.897
Link: CVE-2009-0030
JSON object: View
Redhat Information
No data.
CWE