Summary
The host is running Hastymail2 and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to capture the session cookie by intercepting its transmission within an HTTP session.
Impact Level: Application
Solution
Upgrade to Hastymail2 RC 8 or later.
For updates, refer to http://www.hastymail.org/blogs/News/
Insight
The flaw is due to an error in the handling of the session cookie: the application fails to set the secure flag on the session cookie in an HTTPS session.
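A check for the condition described above, as an added example that is not part of the original advisory or of Hastymail2: it scans the headers of a response received over HTTPS and lists cookies set without the Secure attribute. The cookie names, the host and the header values are constructed sample data.

```python
# Added example: flag Set-Cookie headers that lack the Secure attribute.
# All header values below are constructed sample data, not Hastymail2 output.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie_name, attributes)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_secure(response_headers):
    """Return the names of cookies set without the Secure attribute.

    response_headers: list of (header_name, header_value) tuples taken
    from a response that was received over HTTPS.
    """
    missing = []
    for header, value in response_headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        # Match on the attribute name, not on a substring of the header:
        # "Path=/secure" must not count as the Secure flag.
        if name and "secure" not in attrs:
            missing.append(name)
    return missing


SAMPLE_HTTPS_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "example_session=abc123; path=/; HttpOnly"),
    ("set-cookie", "prefs=compact; Path=/; SECURE; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Domain=mail.example.test; secure"),
    ("Set-Cookie", "note=1; Path=/secure"),
]

if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HTTPS_RESPONSE):
        print(f"cookie {cookie!r} is set without the Secure attribute")
```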
Affected
Hastymail2 versions prior to RC 8
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-5051
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N