Stefan Fritsch
2008-Sep-23 20:54 UTC
[Secure-testing-team] Bug#499942: CVE-2008-3663: Squirrelmail: Session hijacking vulnerability
Package: squirrelmail Version: 2:1.4.9a-2 Severity: grave Tags: security Justification: user security hole Squirrelmail does not set the secure flag for its session cookie when accessed over https. See http://int21.de/cve/CVE-2008-3663-squirrelmail.html