ID

VAR-200110-0110


CVE

CVE-2001-1284


TITLE

Ipswitch IMail Server Predictable Session ID Vulnerability

Trust: 0.9

sources: BID: 3428 // CNNVD: CNNVD-200110-041

DESCRIPTION

Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols, such as SMTP, POP3, IMAP4, and LDAP. If an attacker can anticipate a currently valid session ID, they can access webmail accounts without possessing a valid username/password. Session IDs are generated using alphanumeric characters. A number of the characters are static

Trust: 1.26

sources: NVD: CVE-2001-1284 // BID: 3428 // VULHUB: VHN-4089

AFFECTED PRODUCTS

vendor: ipswitch, model: imail, scope: eq, version: 7.0.4

Trust: 1.9

vendor: ipswitch, model: imail, scope: eq, version: 6.0.6

Trust: 1.6

vendor: ipswitch, model: imail, scope: eq, version: 6.0.2

Trust: 1.6

sources: BID: 3428 // CNNVD: CNNVD-200110-041 // NVD: CVE-2001-1284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1284
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200110-041
value: HIGH

Trust: 0.6

VULHUB: VHN-4089
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2001-1284
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-4089
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-4089 // CNNVD: CNNVD-200110-041 // NVD: CVE-2001-1284

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1284

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200110-041

TYPE

Design Error

Trust: 0.9

sources: BID: 3428 // CNNVD: CNNVD-200110-041

EXTERNAL IDS

db: BID, id: 3428

Trust: 2.0

db: NVD, id: CVE-2001-1284

Trust: 2.0

db: CNNVD, id: CNNVD-200110-041

Trust: 0.7

db: BUGTRAQ, id: 20011011 IPSWITCH IMAIL 7.04 VULNERABILITIES

Trust: 0.6

db: VULHUB, id: VHN-4089

Trust: 0.1

sources: VULHUB: VHN-4089 // BID: 3428 // CNNVD: CNNVD-200110-041 // NVD: CVE-2001-1284

REFERENCES

url: http://www.securityfocus.com/bid/3428

Trust: 1.7

url: http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html

Trust: 1.7

url: http://www.ipswitch.com/support/imail/news.html

Trust: 1.7

url: http://www.ipswitch.com/products/imail_server/index.html

Trust: 0.3

sources: VULHUB: VHN-4089 // BID: 3428 // CNNVD: CNNVD-200110-041 // NVD: CVE-2001-1284

CREDITS

Discovered and posted to Bugtraq by Niels Heinen <zilli0n@gmx.net> on Oct 12, 2001.

Trust: 0.9

sources: BID: 3428 // CNNVD: CNNVD-200110-041

SOURCES

db: VULHUB, id: VHN-4089
db: BID, id: 3428
db: CNNVD, id: CNNVD-200110-041
db: NVD, id: CVE-2001-1284

LAST UPDATE DATE

2025-04-03T22:25:23.020000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-4089, date: 2008-09-10T00:00:00
db: BID, id: 3428, date: 2009-07-11T09:06:00
db: CNNVD, id: CNNVD-200110-041, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2001-1284, date: 2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db: VULHUB, id: VHN-4089, date: 2001-10-12T00:00:00
db: BID, id: 3428, date: 2001-10-12T00:00:00
db: CNNVD, id: CNNVD-200110-041, date: 2001-10-12T00:00:00
db: NVD, id: CVE-2001-1284, date: 2001-10-12T04:00:00