CVE-2002-0258
CVSS 7.5
Published: 2002-05-29 00:00:00
Last revised: 2016-10-17 22:17:46

[Original] Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs.


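[CNNVD] IceWarp Web Mail Session ID Disclosure Vulnerability (CNNVD-200205-096)

        Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions. A remote attacker with access to the ID can exploit this vulnerability to gain privileges as that user, for example by extracting the ID from the user's answer or forward URLs.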

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:merak:mail_server
cpe:/a:icewarp:web_mail

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0258
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0258
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200205-096
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=101328887821909&w=2
(UNKNOWN)  BUGTRAQ  20020209 Security Issue in Icewarp

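- Vulnerability information

IceWarp Web Mail Session ID Disclosure Vulnerability
High risk  Design error
2002-05-29 00:00:00 2005-10-20 00:00:00
Remote
        Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions. A remote attacker with access to the ID can exploit this vulnerability to gain privileges as that user, for example by extracting the ID from the user's answer or forward URLs.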

- Advisories and patches

        The vendor has addressed this issue in Ice Warp 3.3.1 and later.
        IceWarp Web Mail 1.40 .00
        
        IceWarp Web Mail 1.40.10
        
        IceWarp Web Mail 3.1.4
        

- Vulnerability information

8526
IceWarp WebMail Static Session ID Arbitrary Account Hijack
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
Exploit Unknown

- Vulnerability description

Web Mail contains a flaw that may allow a malicious user to hijack user accounts. The issue is triggered when a static identifier, which is used as a user session ID, is extracted from a URL. It is possible that the flaw may allow a privilege escalation resulting in a loss of confidentiality and integrity.

- Timeline

2002-02-09 Unknown
Unknown Unknown

- Solution

Upgrade to version 4.2.3 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: decrease the timeout value for the session ID. In the include.html file, find the default value of 240 and set it to a lower value.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

IceWarp Web Mail Session ID Disclosure Vulnerability
Design Error 12143
Yes No
2002-02-09 12:00:00 2009-07-12 09:26:00
Discovery of this vulnerability is credited to Hüseyin Uslu <raistlinthewiz@hotmail.com>.

- Affected program versions

IceWarp Web Mail 3.1.4
IceWarp Web Mail 1.40.10
IceWarp Web Mail 1.40 .00
IceWarp Web Mail 3.3.1

- Unaffected program versions

IceWarp Web Mail 3.3.1

- Vulnerability discussion

IceWarp Web Mail is reported to be affected by a vulnerability related to session ID handling. The cause of the issue is that session IDs may be included in 'answer' and 'forward' links in email responses, exposing the session ID to other users of the Web mail system.

This issue may be exploited to hijack a user's session.

- Exploit

No exploit is required. The following example demonstrates how a malicious user may access another user's account provided they have acquired a valid session ID:

http://www.example.com/view.html?id=[acquired ID]

- Solution

The vendor has addressed this issue in Ice Warp 3.3.1 and later.


IceWarp Web Mail 1.40 .00

IceWarp Web Mail 1.40.10

IceWarp Web Mail 3.1.4

- Related references
