CVE-2008-3663 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-3663 Interim 1 5 2023-12-09T02:08:35Z current 2021-05-30T12:43:36Z 2023-12-09T02:08:35Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-3663 Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NIK4BZT6YITEWB6IF5RJXCVSZQBMGCOT/#NIK4BZT6YITEWB6IF5RJXCVSZQBMGCOT E-Mail link for SUSE-SR:2008:028 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N/#BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N E-Mail link for SUSE-SR:2009:004 https://www.suse.com/support/security/rating/ SUSE Security Ratings Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. CVE-2008-3663 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N