Summary
The host is running Hastymail2 and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to capture the session cookie by intercepting its transmission within an HTTP session.
Impact Level: Application
Solution
Upgrade to Hastymail2 RC 8 or later.
For updates refer to http://www.hastymail.org/blogs/News/
Insight
The flaw is due to an error in the handling of the session cookie: the secure flag is not set for the session cookie in an HTTPS session.
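A check for the condition described above, as an added example (not code from Hastymail2 or from the original advisory): it parses Set-Cookie header values taken from an HTTPS response and lists the cookies issued without the Secure attribute. The cookie names and header values are constructed samples, not Hastymail2's actual cookie names.

```python
# Added example: audit Set-Cookie headers from an HTTPS response for a
# missing Secure attribute. All header values below are constructed samples.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    # The first segment is always the name=value pair, never an attribute.
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (Secure, secure, SECURE).
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def cookies_missing_secure(set_cookie_headers, scheme="https"):
    """Return names of cookies set in an HTTPS session without Secure."""
    if scheme.lower() != "https":
        return []  # the advisory concerns cookies issued in an HTTPS session
    missing = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        # Match on the parsed attribute, not a substring: "Path=/secure"
        # must not be mistaken for the Secure flag.
        if name and "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample headers (hypothetical cookie names).
SAMPLE_HEADERS = [
    "SESSID=abc123; path=/; HttpOnly",            # flag absent
    "SESSID2=def456; Path=/secure; HttpOnly",     # path only, flag absent
    "prefs=compact; Path=/; SECURE; HttpOnly",    # flag present
]

if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"cookie {cookie!r} set over HTTPS without the Secure flag")
```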
Affected
Hastymail2 versions prior to RC 8
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-5051
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N