Transware » Active! Mail » 2.0 : Security Vulnerabilities, CVEs,
CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.28%
Published
2010-11-05
Updated
2010-11-09
TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions.
Max CVSS
5.8
EPSS Score
0.32%
Published
2009-12-17
Updated
2017-08-17
2 vulnerabilities found