Summary
The remote host is running IMail web interface.
In this version, the session is maintained via the URL. It will be disclosed in the Referer field if you receive an email with external links (e.g. images)
Solution
Upgrade to IMail 7.06
or turn off the 'ignore source address in security check' option.
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat Session Fixation Vulnerability (Windows)
- IOServer Trailing Backslash Multiple Directory Traversal Vulnerabilities
- Herberlin Bremsserver Directory Traversal Vulnerability
- CommuniGate Pro Web Mail URI Parsing HTML Injection Vulnerability
- IBM WebSphere Application Multiple Vulnerabilities Jul-11