6.5

CVE-2009-0030

EPSS 1.05%
Published 21.01.2009 20:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Squirrelmail ≫ Squirrelmail Version1.4.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.05%	0.769

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://secunia.com/advisories/33611

Vendor Advisory

http://securitytracker.com/id?1021611

http://www.securityfocus.com/bid/33354

https://bugzilla.redhat.com/show_bug.cgi?id=480224

https://bugzilla.redhat.com/show_bug.cgi?id=480488

https://exchange.xforce.ibmcloud.com/vulnerabilities/48115

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366

https://rhn.redhat.com/errata/RHSA-2009-0057.html

https://nvd.nist.gov/vuln/detail/CVE-2009-0030

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0030

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0030

EUVD