CVE-2008-3663

Published: Sep 24, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Affected (1)

Products: Squirrelmail: Squirrelmail

Squirrelmail

1 product

Squirrelmail

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Squirrelmail Squirrelmail	Version 1.4.15

Related CWEs

CWE-310

References (24)

http://int21.de/cve/CVE-2008-3663-squirrelmail.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Source: cve@mitre.org

http://secunia.com/advisories/33937

Source: cve@mitre.org

http://securityreason.com/securityalert/4304

Source: cve@mitre.org

http://support.apple.com/kb/HT3438

Source: cve@mitre.org

http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/496601/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/31321

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/45700

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548

Source: cve@mitre.org

http://int21.de/cve/CVE-2008-3663-squirrelmail.html