Lucene search

[email protected]CVE-2002-0258

HistoryMay 29, 2002 - 4:00 a.m.

CVE-2002-0258

2002-05-2904:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-0258

merak mail icewarp

static user session id

remote attack

user privileges.

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.4%

JSON

Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user’s answer or forward URLs.

CPENameOperatorVersion
icewarp:web_mailicewarp web maileq*
merak:mail_servermerak mail servereq*

CPE	Name	Operator	Version
icewarp:web_mail	icewarp web mail	eq	*
merak:mail_server	merak mail server	eq	*

References

marc.info/?l=bugtraq&m=101328887821909&w=2

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.4%

JSON