CVE-2002-0258

Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:icewarp:web_mail:*:*:*:*:*:*:*:*
cpe:2.3:a:merak:mail_server:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:38

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=101328887821909&w=2 - () http://marc.info/?l=bugtraq&m=101328887821909&w=2 -

Information

Published : 2002-05-29 04:00

Updated : 2024-11-20 23:38


NVD link : CVE-2002-0258

Mitre link : CVE-2002-0258

CVE.ORG link : CVE-2002-0258


JSON object : View

Products Affected

icewarp

  • web_mail

merak

  • mail_server