Vulnerability in Hastymail Hastymail2

CVE-2009-5051

Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

EPSS: 0.003 (48.6th percentile) — read the EPSS interpretation.

Affected products

Hastymail Hastymail2
N/a — versions n/a

Weakness classification (CWE)

CWE-16

References

hastymail2-cookie-weak-security(64891) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM, Patch)