VAR-200110-0112
Vulnerability from variot - Updated: 2025-04-03 22:25Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. A vulnerability exists in IMail which could enable an authenticated user to view the mailbox of another IMail user. This accomplished using directory traversal techniques while logged into the server with a valid session ID
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200110-0112",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "6.0.2"
}
],
"sources": [
{
"db": "BID",
"id": "3432"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-044"
},
{
"db": "NVD",
"id": "CVE-2001-1286"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Posted to Bugtraq by Niels Heinen \u003czilli0n@gmx.net\u003e on Oct 12, 2001.",
"sources": [
{
"db": "BID",
"id": "3432"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-044"
}
],
"trust": 0.9
},
"cve": "CVE-2001-1286",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2001-1286",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4091",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-1286",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200110-044",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4091",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4091"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-044"
},
{
"db": "NVD",
"id": "CVE-2001-1286"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail 7.04 and earlier stores a user\u0027s session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker\u0027s control. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. \nA vulnerability exists in IMail which could enable an authenticated user to view the mailbox of another IMail user. \nThis accomplished using directory traversal techniques while logged into the server with a valid session ID",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1286"
},
{
"db": "BID",
"id": "3432"
},
{
"db": "VULHUB",
"id": "VHN-4091"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2001-1286",
"trust": 2.0
},
{
"db": "BID",
"id": "3432",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200110-044",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20020310 IMAIL ACCOUNT HIJACK THROUGH THE WEB INTERFACE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20011011 IPSWITCH IMAIL 7.04 VULNERABILITIES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-4091",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4091"
},
{
"db": "BID",
"id": "3432"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-044"
},
{
"db": "NVD",
"id": "CVE-2001-1286"
}
]
},
"id": "VAR-200110-0112",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4091"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:25:22.972000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1286"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/3432"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html"
},
{
"trust": 1.7,
"url": "http://online.securityfocus.com/archive/1/261096"
},
{
"trust": 1.7,
"url": "http://www.ipswitch.com/support/imail/news.html"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4091"
},
{
"db": "BID",
"id": "3432"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-044"
},
{
"db": "NVD",
"id": "CVE-2001-1286"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-4091"
},
{
"db": "BID",
"id": "3432"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-044"
},
{
"db": "NVD",
"id": "CVE-2001-1286"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-4091"
},
{
"date": "2001-10-12T00:00:00",
"db": "BID",
"id": "3432"
},
{
"date": "2001-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200110-044"
},
{
"date": "2001-10-12T04:00:00",
"db": "NVD",
"id": "CVE-2001-1286"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-4091"
},
{
"date": "2009-07-11T09:06:00",
"db": "BID",
"id": "3432"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200110-044"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2001-1286"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200110-044"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail User Mailbox Disclosure Vulnerability",
"sources": [
{
"db": "BID",
"id": "3432"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-044"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200110-044"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…