
squirrelmail: session handling flaw

Package(s): squirrelmail
CVE #(s): CVE-2009-0030
Created: January 20, 2009
Updated: February 17, 2009
Description: From the Red Hat advisory: The Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory introduced a session handling flaw. Users who logged back into SquirrelMail without restarting their web browsers were assigned fixed session identifiers. A remote attacker could make use of that flaw to hijack user sessions.
Alerts:
SuSE SUSE-SR:2009:004 apache, audacity, dovecot, libtiff-devel, libvirt, mediawiki, netatalk, novell-ipsec-tools, opensc, perl, phpPgAdmin, sbl, sblim-sfcb, squirrelmail, swfdec, tomcat5, virtualbox, websphere-as_ce, wine, xine-devel 2009-02-17
CentOS CESA-2009:0057 squirrelmail 2009-01-19
Red Hat RHSA-2009:0057-01 squirrelmail 2009-01-19



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds