CVE-2002-2165

IMHO Webmail <0.97.3 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2165. PoCs published by Security Bugware.

AI-analyzed exploit summary This writeup describes an information leakage vulnerability in IMHO Roxen webmail where the REFERER header is exposed, potentially allowing session hijacking. The attacker must first authenticate, log out, and then access a specific error URL to leak the REFERER.

Description

The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Security Bugware · textwebappscgi
https://www.exploit-db.com/exploits/21617

This writeup describes an information leakage vulnerability in IMHO Roxen webmail where the REFERER header is exposed, potentially allowing session hijacking. The attacker must first authenticate, log out, and then access a specific error URL to leak the REFERER.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: IMHO Roxen webmail module
Auth required
Prerequisites: Valid user credentials for the webmail system
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
http://www.securitybugware.org/Other/5537.html
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9615.php
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5238

Scores

EPSS 0.0084
EPSS Percentile 53.6%

Details

Status published
Products (9)
imho/imho_webmail 0.96
imho/imho_webmail 0.96.1
imho/imho_webmail 0.96.2
imho/imho_webmail 0.96.3
imho/imho_webmail 0.97
imho/imho_webmail 0.97.1
imho/imho_webmail 0.98
imho/imho_webmail 0.98.2
imho/imho_webmail 0.98.3
Published Dec 31, 2002
Tracked Since Feb 18, 2026