Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0716

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2000-0716
Last Modified 05 Sep 2008 04:21:42
Published 20 Oct 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2000-0716

Summary

WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijcak the session ID and read the user's email.

Vulnerable Systems

Application

  • Alt-n Mdaemon 2.8


References

BID - 1553

NTBUGTRAQ - 20000809 Session hijacking in Alt-N's MDaemon 2.8

XF - mdaemon-session-id-hijack


Last Updated: 27 May 2016 10:35:50