Japan Vulnerability NotesJVN:36207497JVN#36207497 Active! mail 2003 cookie disclosure vulnerability
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
70.9%
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which cookies may be disclosed.
Impact
A remote attacker could impersonate a user of Active! mail 2003. As a result, the user’s email could be viewed or configurations could be modified.
Solution
Update the Software
Update to the latest version according to the information provided by the vendor.
Change the Setting
For Active! mail 2003 Build 2003.0139.0911 and Build 2003.0139.0938, this vulnerability can be addressed by fixing the configuration file “system.cfg”.
For more information, refer to the vendor’s website.
Products Affected
- Active! mail 2003 Build 2003.0139.0871 and earlier
- Active! mail 2003 Build 2003.0139.0911 and Build 2003.0139.0938 (if the configuration file “system.cfg” has not been fixed)
The above products are affected by this vulnerability when used in a SSL (https) environment.
Related
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
70.9%