CVE-2009-4354

TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
transwareactive\!_mail
𝑥
≤ 2003
transwareactive\!_mail
1.422
transwareactive\!_mail
2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN36207497/index.html
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000077.html
http://www.transware.co.jp/support_am/security/vulnerability1.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/54752
http://jvn.jp/en/jp/JVN36207497/index.html
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000077.html
http://www.transware.co.jp/support_am/security/vulnerability1.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/54752