CVE-2006-3665 Information

Description

SquirrelMail 1.4.6 and earlier with register_globals enabled allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while \cookie theft\ is frequently associated with XSS the vendor disclosure is too vague to be certain of this.

Reference

http://www.securityfocus.com/bid/17005 http://www.squirrelmail.org/changelog.php http://www.vupen.com/english/advisories/2006/2708 https://exchange.xforce.ibmcloud.com/vulnerabilities/27632