CVE-2003-1481

CommuniGate Pro Webmail 4.0.6 - Session Hijacking

  • Severity Score (CVSS v2): 5.8
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 2
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2003-05-05 First Exploit
  • 2003-12-31 CVE Published
  • 2007-10-24 CVE Reserved
  • 2024-08-08 CVE Updated
  • 2024-08-27 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor   Product          Version  Other  Status
Stalker  Communigate Pro  3.1      -      Affected
Stalker  Communigate Pro  3.2.4    -      Affected
Stalker  Communigate Pro  3.2_b5   -      Affected
Stalker  Communigate Pro  3.2_b7   -      Affected
Stalker  Communigate Pro  3.3.2    -      Affected
Stalker  Communigate Pro  3.3_b1   -      Affected
Stalker  Communigate Pro  3.3_b2   -      Affected
Stalker  Communigate Pro  3.4_b3   -      Affected
Stalker  Communigate Pro  4.0.1    -      Affected
Stalker  Communigate Pro  4.0.2    -      Affected
Stalker  Communigate Pro  4.0.3    -      Affected
Stalker  Communigate Pro  4.0.6    -      Affected
Stalker  Communigate Pro  4.0_b2   -      Affected
Stalker  Communigate Pro  4.0_b3   -      Affected