CVE-2009-1580

Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 5.8 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:P/I:P/A:N
mitre | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score
Percentile: 76%
Vendor | Product | Version
squirrelmail | squirrelmail | 𝑥 ≤ 1.4.17
squirrelmail | squirrelmail | 0.1
squirrelmail | squirrelmail | 0.1.1
squirrelmail | squirrelmail | 0.1.2
squirrelmail | squirrelmail | 0.2
squirrelmail | squirrelmail | 0.2.1
squirrelmail | squirrelmail | 0.3
squirrelmail | squirrelmail | 0.3.1
squirrelmail | squirrelmail | 0.3pre1:pre1
squirrelmail | squirrelmail | 0.3pre2:pre2
squirrelmail | squirrelmail | 0.4
squirrelmail | squirrelmail | 0.4pre1:pre1
squirrelmail | squirrelmail | 0.4pre2:pre2
squirrelmail | squirrelmail | 0.5
squirrelmail | squirrelmail | 0.5pre1:pre1
squirrelmail | squirrelmail | 0.5pre2:pre2
squirrelmail | squirrelmail | 1.0
squirrelmail | squirrelmail | 1.0.1
squirrelmail | squirrelmail | 1.0.2
squirrelmail | squirrelmail | 1.0.3
squirrelmail | squirrelmail | 1.0.4
squirrelmail | squirrelmail | 1.0.5
squirrelmail | squirrelmail | 1.0.6
squirrelmail | squirrelmail | 1.0pre1:pre1
squirrelmail | squirrelmail | 1.0pre2:pre2
squirrelmail | squirrelmail | 1.0pre3:pre3
squirrelmail | squirrelmail | 1.1.0
squirrelmail | squirrelmail | 1.1.2
squirrelmail | squirrelmail | 1.1.3
squirrelmail | squirrelmail | 1.2
squirrelmail | squirrelmail | 1.2.0
squirrelmail | squirrelmail | 1.2.0:rc3
squirrelmail | squirrelmail | 1.2.1
squirrelmail | squirrelmail | 1.2.2
squirrelmail | squirrelmail | 1.2.3
squirrelmail | squirrelmail | 1.2.4
squirrelmail | squirrelmail | 1.2.5
squirrelmail | squirrelmail | 1.2.6
squirrelmail | squirrelmail | 1.2.7
squirrelmail | squirrelmail | 1.2.8
squirrelmail | squirrelmail | 1.2.9
squirrelmail | squirrelmail | 1.2.10
squirrelmail | squirrelmail | 1.2.11
squirrelmail | squirrelmail | 1.3.0
squirrelmail | squirrelmail | 1.4
squirrelmail | squirrelmail | 1.4:rc1
squirrelmail | squirrelmail | 1.4.0
squirrelmail | squirrelmail | 1.4.0:rc1
squirrelmail | squirrelmail | 1.4.0:rc2a
squirrelmail | squirrelmail | 1.4.1
squirrelmail | squirrelmail | 1.4.2
squirrelmail | squirrelmail | 1.4.3
squirrelmail | squirrelmail | 1.4.3:r3
squirrelmail | squirrelmail | 1.4.3:rc1
squirrelmail | squirrelmail | 1.4.3a:a
squirrelmail | squirrelmail | 1.4.3aa:aa
squirrelmail | squirrelmail | 1.4.4
squirrelmail | squirrelmail | 1.4.4:rc1
squirrelmail | squirrelmail | 1.4.5
squirrelmail | squirrelmail | 1.4.6
squirrelmail | squirrelmail | 1.4.6:rc1
squirrelmail | squirrelmail | 1.4.7
squirrelmail | squirrelmail | 1.4.8.4fc6:fc6
squirrelmail | squirrelmail | 1.4.9
squirrelmail | squirrelmail | 1.4.9a:a
squirrelmail | squirrelmail | 1.4.10a:a
squirrelmail | squirrelmail | 1.4.11
squirrelmail | squirrelmail | 1.4.12
squirrelmail | squirrelmail | 1.4.15
squirrelmail | squirrelmail | 1.4.15:rc1
squirrelmail | squirrelmail | 1.4.16
squirrelmail | squirrelmail | 1.44

𝑥 = Vulnerable software versions

Ubuntu Releases

Ubuntu Product | Codename | Status
squirrelmail | karmic | not-affected
squirrelmail | jaunty | Fixed 2:1.4.15-4ubuntu0.1 (released)
squirrelmail | intrepid | Fixed 2:1.4.15-3ubuntu0.2 (released)
squirrelmail | hardy | Fixed 2:1.4.13-2ubuntu1.3 (released)
squirrelmail | dapper | ignored