CVE-2003-1481

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.

Configurations

Configuration 1

OR
cpe:2.3:a:stalker:communigate_pro:3.1:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.2_b5:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.2_b7:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.3_b1:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.3_b2:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.4_b3:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0_b2:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0_b3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2003-12-31 05:00

Updated : 2024-02-28 10:24


NVD link : CVE-2003-1481

Mitre link : CVE-2003-1481

CVE.ORG link : CVE-2003-1481


Products Affected

stalker

  • communigate_pro

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor