CVE-2003-1481

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1481
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
stalker / communigate_pro	3.2_b5	3.2_b5.x
stalker / communigate_pro	4.0_b3	4.0_b3.x
stalker / communigate_pro	3.3_b2	3.3_b2.x
stalker / communigate_pro	3.1	3.1.x
stalker / communigate_pro	3.3_b1	3.3_b1.x
stalker / communigate_pro	4.0.1	4.0.1.x
stalker / communigate_pro	4.0.6	4.0.6.x
stalker / communigate_pro	4.0_b2	4.0_b2.x
stalker / communigate_pro	3.4_b3	3.4_b3.x
stalker / communigate_pro	3.2.4	3.2.4.x
stalker / communigate_pro	4.0.2	4.0.2.x
stalker / communigate_pro	3.2_b7	3.2_b7.x
stalker / communigate_pro	4.0.3	4.0.3.x
stalker / communigate_pro	3.3.2	3.3.2.x

Vulnerability Database

291,049

CVE-2003-1481