squirrelmail: session handling flaw
Package(s): | squirrelmail |
CVE #(s): | CVE-2009-0030 |
Created: | January 20, 2009 |
Updated: | February 17, 2009 |
Description: | From the Red Hat advisory: The Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory introduced a session handling flaw. Users who logged back into SquirrelMail without restarting their web browsers were assigned fixed session identifiers. A remote attacker could make use of that flaw to hijack user sessions. |
Alerts: |
SuSE | SUSE-SR:2009:004 | apache, audacity, dovecot, libtiff-devel, libvirt, mediawiki, netatalk, novell-ipsec-tools, opensc, perl, phpPgAdmin, sbl, sblim-sfcb, squirrelmail, swfdec, tomcat5, virtualbox, websphere-as_ce, wine, xine-devel | 2009-02-17 |
CentOS | CESA-2009:0057 | squirrelmail | 2009-01-19 |
Red Hat | RHSA-2009:0057-01 | squirrelmail | 2009-01-19 |