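Vulnerability Details
Horde IMP Session Hijacking Vulnerability
- CNNVD ID: CNNVD-200112-060
- Severity: High
- CVE ID: CVE-2001-0857
- Vulnerability type: Cross-site scripting
- Published: 2001-12-06
- Threat type: Remote
- Updated: 2005-05-02
- Vendor: imp
- Vulnerability source: This vulnerability…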
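Vulnerability Summary
status.php3 in Imp Webmail 2.2.6 and earlier contains a cross-site scripting (XSS) vulnerability. A remote attacker can use the message parameter to hijack session cookies and gain access to other users' e-mail.
Vulnerability Advisory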
It has been reported that the devel version of Horde IMP and Horde IMP 3.0 Release Candidate 1 are not vulnerable to this issue.
It is advised to upgrade to Imp 2.2.7.
Additional upgrades are available.
Horde IMP 2.0
- Horde IMP 2.2.7
  http://www.horde.org/imp/download/
Horde IMP 2.2
- Horde IMP 2.2.7
  http://www.horde.org/imp/download/
Horde IMP 2.2.1
- Horde IMP 2.2.7
  http://www.horde.org/imp/download/
Horde IMP 2.2.2
- Horde IMP 2.2.7
  http://www.horde.org/imp/download/
Horde IMP 2.2.3
- Horde IMP 2.2.7
  http://www.horde.org/imp/download/
Horde IMP 2.2.4
- Horde IMP 2.2.7
  http://www.horde.org/imp/download/
Horde IMP 2.2.5
- Horde IMP 2.2.7
  http://www.horde.org/imp/download/
Horde IMP 2.2.6
- Conectiva 5.0 noarch horde-1.2.7-1U50_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-1.2.7-1U50_1cl.noarch.rpm
- Conectiva 5.0 noarch horde-mysql-1.2.7-1U50_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-mysql-1.2.7-1U50_1cl.noarch.rpm
- Conectiva 5.0 noarch horde-pgsql-1.2.7-1U50_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-pgsql-1.2.7-1U50_1cl.noarch.rpm
- Conectiva 5.0 noarch horde-shm-1.2.7-1U50_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-shm-1.2.7-1U50_1cl.noarch.rpm
- Conectiva 5.0 noarch imp-2.2.7-1U50_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/noarch/imp-2.2.7-1U50_1cl.noarch.rpm
- Conectiva 5.1 noarch horde-1.2.7-1U51_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-1.2.7-1U51_1cl.noarch.rpm
- Conectiva 5.1 noarch horde-mysql-1.2.7-1U51_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-mysql-1.2.7-1U51_1cl.noarch.rpm
- Conectiva 5.1 noarch horde-pgsql-1.2.7-1U51_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-pgsql-1.2.7-1U51_1cl.noarch.rpm
- Conectiva 5.1 noarch horde-shm-1.2.7-1U51_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-shm-1.2.7-1U51_1cl.noarch.rpm
- Conectiva 5.1 noarch imp-2.2.7-1U51_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/noarch/imp-2.2.7-1U51_1cl.noarch.rpm
- Conectiva 6.0 horde-1.2.7-1U60_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-1.2.7-1U60_1cl.noarch.rpm
- Conectiva 6.0 horde-mysql-1.2.7-1U60_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-mysql-1.2.7-1U60_1cl.noarch.rpm
- Conectiva 6.0 horde-pgsql-1.2.7-1U60_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-pgsql-1.2.7-1U60_1cl.noarch.rpm
- Conectiva 6.0 horde-shm-1.2.7-1U60_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-shm-1.2.7-1U60_1cl.noarch.rpm
- Conectiva 6.0 imp-2.2.7-1U60_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/imp-2.2.7-1U60_1cl.noarch.rpm
- Conectiva 7.0 horde-1.2.7-1U70_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-1.2.7-1U70_1cl.noarch.rpm
- Conectiva 7.0 horde-mysql-1.2.7-1U70_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-mysql-1.2.7-1U70_1cl.noarch.rpm
- Conectiva 7.0 horde-pgsql-1.2.7-1U70_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-pgsql-1.2.7-1U70_1cl.noarch.rpm
- Conectiva 7.0 horde-shm-1.2.7-1U70_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-shm-1.2.7-1U70_1cl.noarch.rpm
- Conectiva 7.0 imp-2.2.7-1U70_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imp-2.2.7-1U70_1cl.noarch.rpm
- Horde IMP 2.2.7
  http://www.horde.org/imp/download/
References
Source: BUGTRAQ
Name: 20011110 IMP 2.2.7 (SECURITY) released
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=100540578822469&w=2
Source: BUGTRAQ
Name: 20011109 Imp Webmail session hijacking vulnerability
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=100535679608486&w=2
Source: XF
Name: imp-css-steal-cookies(7496)
Link: http://xforce.iss.net/static/7496.php
Source: BID
Name: 3525
Link: http://www.securityfocus.com/bid/3525
Source: OSVDB
Name: 668
Link: http://www.osvdb.org/668
Source: CALDERA
Name: CSSA-2001-039.0
Link: http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt
Source: CONECTIVA
Name: CLA-2001:437
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000437