CVE-2002-2165

2005-11-1621:17:00

mitre

www.cve.org

webmail

roxen

referer

local users

inbox

AI Score

6.2

Confidence

Low

EPSS

Percentile

0.4%

JSON

The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser’s previous login session in an error page, which allows local users to read another user’s inbox.

References

www.iss.net/security_center/static/9615.php

www.securitybugware.org/Other/5537.html

www.securityfocus.com/bid/5238