Summary
The remote host is running IMail web interface.
In this version, the session is maintained via the URL. It will be disclosed in the Referer field if you receive an email with external links (e.g. images)
Solution
Upgrade to IMail 7.06
or turn off the 'ignore source address in security check' option.
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability
- Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
- Apache Tomcat HTTP NIO Denial Of Service Vulnerability (Windows)
- HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability
- Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability