Vulnerability Details CVE-2002-2410
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html
- http://www.iss.net/security_center/static/10684.php
- http://www.securityfocus.com/bid/6232
- http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html
- http://www.iss.net/security_center/static/10684.php
- http://www.securityfocus.com/bid/6232
Products affected by CVE-2002-2410
-
cpe:2.3:a:open_webmail:open_webmail:1.7
-
cpe:2.3:a:open_webmail:open_webmail:1.71