PT-2009-2743 · Squirrelmail
Tomas Hoger · Published 2009-01-19 · Updated 2023-02-13 · CVE-2009-0030
CVSS v2.0: 6.5 (Medium), Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SquirrelMail version 1.4.8
Description
This vulnerability allows remote authenticated users to read other users' folder lists and configuration data under certain circumstances through the standard webmail.php interface. The root cause is that a Red Hat patch for SquirrelMail sets the same SQMSESSID cookie value for every session, so one user's session is not distinguished from another's.
Recommendations
For SquirrelMail version 1.4.8, consider disabling the use of the SQMSESSID cookie until a proper fix is applied, to prevent unauthorized access to other users' data. Restrict access to the webmail.php interface to minimize the risk of exploitation.
Fix
Weakness Enumeration
Improper Authentication
Related Identifiers
Affected Products
Red Hat
Squirrelmail