Vulnerabilities > CVE-2002-2165 - Unspecified vulnerability in Imho Webmail

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

imho

exploit available

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox.

Vulnerable Configurations

Part	Description	Count
Application	Imho Imho Imho Webmail 0.96 Imho Imho Webmail 0.96.1 Imho Imho Webmail 0.96.2 Imho Imho Webmail 0.96.3 Imho Imho Webmail 0.97 Imho Imho Webmail 0.97.1 Imho Imho Webmail 0.98 Imho Imho Webmail 0.98.2 Imho Imho Webmail 0.98.3	9

Exploit-Db

description	IMHO Webmail 0.9x Account Hijacking Vulnerability. CVE-2002-2165. Webapps exploit for cgi platform
id	EDB-ID:21617
last seen	2016-02-02
modified	2002-07-15
published	2002-07-15
reporter	Security Bugware
source	https://www.exploit-db.com/download/21617/
title	IMHO Webmail 0.9x Account Hijacking Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References