[Secure-testing-team] Bug#499942: CVE-2008-3663: Squirrelmail: Session hijacking vulnerability

Tue, 23 Sep 2008 13:59:02 -0700 

Package: squirrelmail
Version: 2:1.4.9a-2
Severity: grave
Tags: security
Justification: user security hole


Squirrelmail does not set the secure flag for its session cookie when accessed
over https. See

http://int21.de/cve/CVE-2008-3663-squirrelmail.html



_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team

Reply via email to