Lucene search

[email protected]CVE-2000-0716

HistoryOct 20, 2000 - 4:00 a.m.

CVE-2000-0716

2000-10-2004:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2000-0716

worldclient

mdaemon

email client

http

session id

session hijack.

7.2 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

45.2%

JSON

WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user’s email.

CPENameOperatorVersion
alt-n:mdaemonalt-n mdaemoneq2.8

CPE	Name	Operator	Version
alt-n:mdaemon	alt-n mdaemon	eq	2.8

References

www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=459

www.securityfocus.com/bid/1553

exchange.xforce.ibmcloud.com/vulnerabilities/5070

7.2 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

45.2%

JSON

Related for CVE-2000-0716

cvelist1