CVE-2001-1286

Name of the Vulnerable Software and Affected Versions: Ipswitch IMail versions 7.04 and earlier

Description: The issue allows remote attackers to hijack sessions by obtaining a URL that contains a user's session ID. This could be achieved via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.

Recommendations: For Ipswitch IMail versions 7.04 and earlier, consider disabling the feature that stores session IDs in URLs as a temporary workaround until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of session hijacking. Avoid using URLs that contain session IDs in HTML emails or other potentially vulnerable communications.