Strix
26.1K

CVE-2009-4353

UnknownEPSS 1.08%

Last modified

CVE-2009-4353 is a vulnerability of currently unknown severity. The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL.. EPSS estimates a 1.08% chance of exploitation in the next 30 days.

Description

The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL.

Metrics

EPSS Probability
1.08%

61.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
TranswareActive\! Mail<= 2003

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-4353?
The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL.
How severe is CVE-2009-4353?
Severity scoring for CVE-2009-4353 is pending analysis. The EPSS model estimates a 1.08% probability of exploitation in the next 30 days.
How do I fix CVE-2009-4353?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-4353?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST