Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0258

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0258
Last Modified 05 Sep 2008 04:27:34
Published 29 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0258

Summary

Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs.

Vulnerable Systems

Application

  • Icewarp Web Mail

  • Merak Mail Server


References

BUGTRAQ - 20020209 Security Issue in Icewarp


Last Updated: 27 May 2016 10:36:50