Vulnerabilities > CVE-2009-4354 - Credentials Management vulnerability in Transware Active! Mail 1.422/2.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |