Lucene search

K
cve[email protected]CVE-2001-1286
HistoryOct 12, 2001 - 4:00 a.m.

CVE-2001-1286

2001-10-1204:00:00
NVD-CWE-Other
web.nvd.nist.gov
21
ipswitch
imail 7.04
session hijacking
user session id
url
cve-2001-1286

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.4%

Ipswitch IMail 7.04 and earlier stores a user’s session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker’s control.

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.4%

Related for CVE-2001-1286