CVE-2003-1481

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.
Configurations

Configuration 1

OR cpe:2.3:a:stalker:communigate_pro:3.1:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.2_b5:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.2_b7:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.3_b1:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.3_b2:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.4_b3:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0_b2:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0_b3:*:*:*:*:*:*:*

History

20 Nov 2024, 23:47

Type | Values Removed | Values Added
References | () http://securityreason.com/securityalert/3290 - | () http://securityreason.com/securityalert/3290 -
References | () http://www.securityfocus.com/archive/1/320438 - | () http://www.securityfocus.com/archive/1/320438 -
References | () http://www.securityfocus.com/bid/7501 - Exploit, Patch | () http://www.securityfocus.com/bid/7501 - Exploit, Patch
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/11932 - | () https://exchange.xforce.ibmcloud.com/vulnerabilities/11932 -

Information

Published : 2003-12-31 05:00

Updated : 2024-11-20 23:47


NVD link : CVE-2003-1481

Mitre link : CVE-2003-1481

CVE.ORG link : CVE-2003-1481


Products Affected

stalker

  • communigate_pro
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor