CVE-2001-1286 Information

Description

Ipswitch IMail 7.04 and earlier stores a user’s session ID in a URL which could allow remote attackers to hijack sessions by obtaining the URL e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker’s control.

Reference

http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html http://online.securityfocus.com/archive/1/261096 http://www.ipswitch.com/Support/IMail/news.html http://www.securityfocus.com/bid/3432