2 matches found
CVE-2009-4353
CVE-2009-4353 affects Active! mail 2003 Mobile Edition (build 2003.0139.0871 and earlier; possibly before 2003.0139.0911). The issue is that the application does not remove the session ID from a Referer URL, enabling a remote attacker to hijack web sessions via vectors such as an email containing...
CVE-2009-4354
TransWARE Active! mail 2003 (Build 2003.0139.0871 and earlier) contains a session cookie handling flaw that can allow remote attackers to hijack web sessions via insecure cookie handling in SSL contexts. Affects the web-based mail software and enables user impersonation. According to JVN/NVD reco...