ID CVE-2000-0716
Summary WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
References
Vulnerable Configurations
  • cpe:2.3:a:alt-n:mdaemon:2.8:*:*:*:*:*:*:*
    cpe:2.3:a:alt-n:mdaemon:2.8:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 10-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:N/A:N
refmap via4
bid 1553
ntbugtraq 20000809 Session hijacking in Alt-N's MDaemon 2.8
xf mdaemon-session-id-hijack(5070)
Last major update 10-10-2017 - 01:29
Published 20-10-2000 - 04:00
Last modified 10-10-2017 - 01:29
Back to Top