Back to search
CVE-2009-4353
Published: Dec 17, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
JVN#85821104
third-party-advisory
x_refsource_JVN
JVNDB-2009-000076
third-party-advisory
x_refsource_JVNDB
http://www.transware.co.jp/support_am/security/vulnerability3.html
x_refsource_CONFIRM
37602
third-party-advisory
x_refsource_SECUNIA
activemail2003-sessionid-info-disclosure(54751)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now