CVE-2003-1481
CommuniGate Pro Webmail 4.0.6 - Session Hijacking
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2003-05-05 First Exploit
- 2003-12-31 CVE Published
- 2007-10-24 CVE Reserved
- 2024-08-08 CVE Updated
- 2024-08-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/3290 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/320438 | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11932 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/27 | 2003-05-05 | |
| http://www.securityfocus.com/bid/7501 | 2024-08-08 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 3.1 Search vendor "Stalker" for product "Communigate Pro" and version "3.1" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 3.2.4 Search vendor "Stalker" for product "Communigate Pro" and version "3.2.4" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 3.2_b5 Search vendor "Stalker" for product "Communigate Pro" and version "3.2_b5" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 3.2_b7 Search vendor "Stalker" for product "Communigate Pro" and version "3.2_b7" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 3.3.2 Search vendor "Stalker" for product "Communigate Pro" and version "3.3.2" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 3.3_b1 Search vendor "Stalker" for product "Communigate Pro" and version "3.3_b1" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 3.3_b2 Search vendor "Stalker" for product "Communigate Pro" and version "3.3_b2" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 3.4_b3 Search vendor "Stalker" for product "Communigate Pro" and version "3.4_b3" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 4.0.1 Search vendor "Stalker" for product "Communigate Pro" and version "4.0.1" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 4.0.2 Search vendor "Stalker" for product "Communigate Pro" and version "4.0.2" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 4.0.3 Search vendor "Stalker" for product "Communigate Pro" and version "4.0.3" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 4.0.6 Search vendor "Stalker" for product "Communigate Pro" and version "4.0.6" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 4.0_b2 Search vendor "Stalker" for product "Communigate Pro" and version "4.0_b2" | - |
Affected
| ||||||
| Stalker Search vendor "Stalker" | Communigate Pro Search vendor "Stalker" for product "Communigate Pro" | 4.0_b3 Search vendor "Stalker" for product "Communigate Pro" and version "4.0_b3" | - |
Affected
| ||||||