CVE-2001-1286
published 2001-10-12CVE-2001-1286: Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an…
PriorityP421high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.50%
87.7th percentile
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ipswitch | imail | — | — |
| ipswitch | imail | — | — |
| ipswitch | imail | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.htmlhttp://online.securityfocus.com/archive/1/261096http://www.ipswitch.com/Support/IMail/news.htmlhttp://www.securityfocus.com/bid/3432http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.htmlhttp://online.securityfocus.com/archive/1/261096http://www.ipswitch.com/Support/IMail/news.htmlhttp://www.securityfocus.com/bid/3432
2001-10-12
Published