Definition


New Search

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

oval:org.mitre.oval:def:10548

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 3
  • CentOS Linux 4
  • Oracle Linux 4
  • CentOS Linux 3
  • Oracle Linux 5
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2008-3663
Product(s):