CVE-2003-1481

Stalker CommuniGate Pro - Information Disclosure


Description

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Yaroslav Polyakov · perl · remote · linux
https://www.exploit-db.com/exploits/27

Scores

EPSS 0.0459
EPSS Percentile 89.3%

Details

CWE
CWE-200
Status published
Products (14)
stalker/communigate_pro 3.1
stalker/communigate_pro 3.2.4
stalker/communigate_pro 3.2_b5
stalker/communigate_pro 3.2_b7
stalker/communigate_pro 3.3.2
stalker/communigate_pro 3.3_b1
stalker/communigate_pro 3.3_b2
stalker/communigate_pro 3.4_b3
stalker/communigate_pro 4.0.1
stalker/communigate_pro 4.0.2
... and 4 more
Published Dec 31, 2003
Tracked Since Feb 18, 2026