CVE-2002-0258
First published: Fri May 03 2002(Updated: )
Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IceWarp WebMail Server | ||
| IceWarp Merak Mail Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-0258?
The severity of CVE-2002-0258 is considered moderate due to its potential for privilege escalation.
How do I fix CVE-2002-0258?
To fix CVE-2002-0258, implement a dynamic session ID generation process that changes with each session to enhance security.
What software is affected by CVE-2002-0258?
CVE-2002-0258 affects IceWarp Web Mail and Merak Mail Server.
What risks are associated with CVE-2002-0258?
The risks associated with CVE-2002-0258 include unauthorized access to user accounts and potential data compromise.
Can CVE-2002-0258 be exploited remotely?
Yes, CVE-2002-0258 can be exploited remotely if an attacker obtains the static session identifier.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/icewarp
- canonical/icewarp webmail server
- vendor/merak
- canonical/icewarp merak mail server