CyberSec.Space Logo
CVEブラウザに戻る

CVE-2003-1481

MEDIUM
5.8
CVSS Severity Score
EPSS Score0.1260%
EPSS Percentile26.41th
Published2003年12月31日
Last Modified2026年4月16日

Vulnerability Description

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.

Affected Platforms (CPE)

📦
Stalker

Communigate Pro

= 3.1
📦
Stalker

Communigate Pro

= 3.2.4
📦
Stalker

Communigate Pro

= 3.2_b5
📦
Stalker

Communigate Pro

= 3.2_b7
📦
Stalker

Communigate Pro

= 3.3.2
📦
Stalker

Communigate Pro

= 3.3_b1
📦
Stalker

Communigate Pro

= 3.3_b2
📦
Stalker

Communigate Pro

= 3.4_b3
📦
Stalker

Communigate Pro

= 4.0.1
📦
Stalker

Communigate Pro

= 4.0.2
📦
Stalker

Communigate Pro

= 4.0.3
📦
Stalker

Communigate Pro

= 4.0.6
📦
Stalker

Communigate Pro

= 4.0_b2
📦
Stalker

Communigate Pro

= 4.0_b3

References & Advisories

🔗 http://securityreason.com/securityalert/3290
🔗 http://www.securityfocus.com/archive/1/320438
🔗 http://www.securityfocus.com/bid/7501
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/11932
🔗 http://securityreason.com/securityalert/3290
🔗 http://www.securityfocus.com/archive/1/320438
🔗 http://www.securityfocus.com/bid/7501
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/11932

関連する脆弱性情報

CVE-2006-04687.5

CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitra...

CVE-2018-186216.1

CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the...

CVE-2017-169626.1

The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the ...

CVE-2018-38155.7

The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers f...