CVE-2008-3663

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

---

CVE-2008-3663 at MITRE

Details

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

---

Novell Bugzilla entry: 429793,468787

SUSE Security Advisories:

• SUSE-SR:2008:028, published Tue, 16 Dec 2008 10:00:00 +0000
• SUSE-SR:2008:028 , published Tue, 16 Dec 2008 10:00:00 +0000
• SUSE-SR:2009:004, published Tue, 17 Feb 2009 10:00:00 +0000
• SUSE-SR:2009:004 , published Tue, 17 Feb 2009 10:00:00 +0000

Product(s)	Fixed package version(s)	References
openSUSE 10.3	squirrelmail >= 1.4.17-0.1
openSUSE 10.2	squirrelmail >= 1.4.9a-2.10
openSUSE 10.3	squirrelmail >= 1.4.10a-45.2
openSUSE 10.2	squirrelmail >= 1.4.9a-2.12

• Support Home
• Download
  • Patches
    • Patch Home
    • Patch Finder
  • Products
  • Drivers
  • Beta
  • Cool Tools
• Help yourself
  • Knowledgebase
  • Novell Support Advisor
  • Discussion Forums
  • Documentation
  • Support by Product
  • Product Support Lifecycle
  • Activate My Product
  • Bookstore
  • Technical Subscriptions
  • Support FAQ
• Let us help
  • Novell Support Programs
    • Linux Support
    • Support for MLA
    • Support for VLA
    • Support for Academic Customers
    • Support for Partners
    • Single Service Request
    • All Support Programs
  • Support from Partner
  • Open Service Request
  • Chat with Us (Non-technical questions)
• Contribute
  • Participate in Beta
  • Report a Bug
  • Share a Tip, Trick, etc.
  • Request Enhancement
  • Report Software Vulnerability
  • Provide Feedback

• Customer Center