Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=101328887821909&w=2 - |
Information
Published : 2002-05-29 04:00
Updated : 2024-11-20 23:38
NVD link : CVE-2002-0258
Mitre link : CVE-2002-0258
CVE.ORG link : CVE-2002-0258
JSON object : View
Products Affected
icewarp
- web_mail
merak
- mail_server
CWE