Oval Definition:oval:org.mitre.oval:tst:38208
Comment:squirrelmail is earlier than 0:1.4.8-5.el4_7.3
Type:rpminfo_test
Namespace:linux
Check_Existence:at_least_one_exists
Check:at least one
State Operator:AND
References
Object:oval:org.mitre.oval:obj:14331
State:oval:org.mitre.oval:ste:10966
Referencing Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:10107 | V | Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. | 2013-04-29
oval:org.mitre.oval:def:10366 | V | A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663. | 2013-04-29