VYPR
Unrated severityNVD Advisory· Published Dec 17, 2009· Updated Jun 16, 2026

CVE-2009-4354

CVE-2009-4354

Description

TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:transware:active\!_mail:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:transware:active\!_mail:*:*:*:*:*:*:*:*range: <=2003
    • cpe:2.3:a:transware:active\!_mail:1.422:*:*:*:*:*:*:*
    • cpe:2.3:a:transware:active\!_mail:2.0:*:*:*:*:*:*:*
    • (no CPE)range: <= 2003 build 2003.0139.0871

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.