2 matches found
CVE-2001-1286
Ipswitch IMail 7.04 and earlier stores a user’s session ID in a URL, enabling session hijacking if an attacker can obtain the URL (e.g., via an HTML email that causes the Referrer to reveal the URL under the attacker’s control). Affected product: Ipswitch IMail Web Interface. Root cause: session ...
CVE-2001-1286
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control...