This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
The Red Hat SquirrelMail packages provided by the RHSA-2009:0010
advisory introduced a session handling flaw. Users who logged back
into SquirrelMail without restarting their web browsers were assigned
fixed session identifiers. A remote attacker could make use of that
flaw to hijack user sessions. (CVE-2009-0030)
See also :
Update the affected squirrelmail package.
Risk factor :
Medium / CVSS Base Score : 6.5
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60522 ()
CVE ID: CVE-2009-0030
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.