MOABI : Continuous Software Improvement

CVE-2009-5051
Description	Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Impact	CVSS v2 : 5 MEDIUM
Type	CWE-16
Attack Vector	CVSSv2 Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N
Quick links	CVE, NVD, CERT, Metasploit, Exploit-db, Fulldisc, Bugtraq, Microsoft, Red Hat, Debian, GitHub code/issues, Google
References	http://www.hastymail.org/security/ https://exchange.xforce.ibmcloud.com/vulnerabilities/64891