CVE-2003-1481

high

Description

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/11932

http://www.securityfocus.com/archive/1/320438

http://securityreason.com/securityalert/3290

Details

Source: Mitre, NVD

Published: 2003-12-31

Updated: 2017-07-29

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High