SqWebMail is prone to a vulnerability that may allow remote attackers to hijack webmail sessions. The vulnerability occurs when the victim follows a malicious link that an attacker has supplied in an e-mail viewed from the webmail system. This permits the attacker to gain unauthorized access to the user's session ID, which may then be used to hijack the user's session if it has not timed out. SqWebMail is included in the Courier mail server, but is also available as a stand-alone CGI application.