← CVECheck
HomeVulnerabilities

CVE-2000-0716 — LOW severity vulnerability (WorldClient email client in MDaemon 2.8 includes the session)

WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.

CVE IDCVE-2000-0716
SeverityLOW
CVSS score2.6
CVSS vectorAV:N/AC:H/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published2000-10-20
Last modified2026-04-16
DescriptionWorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →