PT-2003-2297 · Gabber · Gabber
Published
2003-12-31
·
Updated
2017-07-29
·
CVE-2003-1352
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Gabber version 0.8.7
Description
The issue allows remote attackers to obtain user session activity and the Gabber version number by sniffing, as Gabber sends an email to a specific address during user login and logout.
Recommendations
For Gabber version 0.8.7, consider restricting or disabling the email sending feature during user login and logout as a temporary workaround until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gabber