Описание
CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.
Ссылки
- ExploitPatch
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:stalker:communigate_pro:3.1:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.2_b5:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.2_b7:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.3_b1:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.3_b2:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:3.4_b3:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0_b2:*:*:*:*:*:*:*
cpe:2.3:a:stalker:communigate_pro:4.0_b3:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02624
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.
EPSS
Процентиль: 85%
0.02624
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-200