[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80170

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-4354

Date: (C)2009-12-17   (M)2017-08-18 


TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions.

CVSS Score: 5.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 4.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: NONE





Reference:
JVN#36207497
JVNDB-2009-000077
activemail2003-cookie-info-disclosure(54752)
http://www.transware.co.jp/support_am/security/vulnerability1.html

CWE    1
CWE-255

© 2013 SecPod Technologies