|
[Japanese]
|
JVNDB-2009-000077
|
Active! mail 2003 cookie disclosure vulnerability
|
|
Active! mail 2003 from TransWARE Co. contains a vulnerability in which cookies may be disclosed.
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which cookies may be disclosed.
Kenichi Maehashi of CIS RAT at Hosei University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
TransWARE Co.
- Active! mail 2003 Build 2003.0139.0871 and earlier
- Active! mail 2003 Build 2003.0139.0911 and Build 2003.0139.0938 (if the configuration file "system.cfg" has not been fixed)
|
|
|
A remote attacker could impersonate a user of Active! mail 2003. As a result, the user's email could be viewed or configurations could be modified.
|
|
[Update the Software]
Update to the latest version according to the information provided by the vendor.
[Change the Setting]
For Active! mail 2003 Build 2003.0139.0911 and Build 2003.0139.0938, this vulnerability can be addressed by fixing the configuration file "system.cfg".
For more information, refer to the vendor's website.
|
|
TransWARE Co.
|
|
- Information Exposure(CWE-200) [IPA Evaluation]
|
|
- CVE-2009-4354
|
|
- JVN : JVN#36207497
- National Vulnerability Database (NVD) : CVE-2009-4354
- ISS X-Force Database : 54752
|
|
- [2009/12/15]
Web page published
|
