Vulnerability Description
The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imho | Imho Webmail | 0.96 |
References
- http://www.iss.net/security_center/static/9615.php
- http://www.securitybugware.org/Other/5537.htmlVendor Advisory
- http://www.securityfocus.com/bid/5238Exploit
- http://www.iss.net/security_center/static/9615.php
- http://www.securitybugware.org/Other/5537.htmlVendor Advisory
- http://www.securityfocus.com/bid/5238Exploit
FAQ
What is CVE-2002-2165?
CVE-2002-2165 is a vulnerability with a CVSS score of 2.1 (LOW). The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox.
How severe is CVE-2002-2165?
CVE-2002-2165 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2165?
Check the references section above for vendor advisories and patch information. Affected products include: Imho Imho Webmail.