漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in, they are authenticated and the session identifier is valid. Then, a remote attacker can access the victim's web panel with the same session identifier.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
mailcow 安全漏洞
Vulnerability Description
mailcow是mailcow开源的一个邮件服务器套件。 mailcow 2024-11b及之前版本存在安全漏洞,该漏洞源于存在会话固定漏洞,导致攻击者能访问用户面板。
CVSS Information
N/A
Vulnerability Type
N/A