Transware » Active! Mail : Security Vulnerabilities, CVEs, Published In 2009
TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions.
Max CVSS
5.8
EPSS Score
0.32%
Published
2009-12-17
Updated
2017-08-17
The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL.
Max CVSS
5.8
EPSS Score
0.35%
Published
2009-12-17
Updated
2017-08-17
2 vulnerabilities found