5.8

CVE-2003-1481

Exploit

EPSS 2.62%
Veröffentlicht 31.12.2003 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Stalker ≫ Communigate Pro Version3.1

Stalker ≫ Communigate Pro Version3.2.4

Stalker ≫ Communigate Pro Version3.2_b5

Stalker ≫ Communigate Pro Version3.2_b7

Stalker ≫ Communigate Pro Version3.3.2

Stalker ≫ Communigate Pro Version3.3_b1

Stalker ≫ Communigate Pro Version3.3_b2

Stalker ≫ Communigate Pro Version3.4_b3

Stalker ≫ Communigate Pro Version4.0.1

Stalker ≫ Communigate Pro Version4.0.2

Stalker ≫ Communigate Pro Version4.0.3

Stalker ≫ Communigate Pro Version4.0.6

Stalker ≫ Communigate Pro Version4.0_b2

Stalker ≫ Communigate Pro Version4.0_b3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.62%	0.843

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://securityreason.com/securityalert/3290

http://www.securityfocus.com/archive/1/320438

http://www.securityfocus.com/bid/7501

Patch

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/11932

https://nvd.nist.gov/vuln/detail/CVE-2003-1481

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2003-1481

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2003-1481

EUVD