
TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


Openfind Mail2000 - HttpOnly flag bypass

TVN ID: TVN-202407007
CVE ID: CVE-2024-6741
CVSS: 5.8 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected Products: Mail2000 V7.0, V8.0
Description: Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
Solution:
Update Mail2000 V7.0 to Patch 131 or later
Update Mail2000 V8.0 to Patch 044 or later
Credit: 周詳 (Ministry of Digital Affairs)
Public Date: 2024-07-15