Follow @discotekdotca
CVE-2000-0676
Current Description
Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.
Basic Data
| Published | October 20, 2000 |
|---|---|
| Last Modified | September 10, 2008 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | NVD-CWE-Other |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | PARTIAL |
| CVSS 2 - Availability Impact | NONE |
| CVSS 2 - Base Score | 5.0 |
| Severity | MEDIUM |
| Exploitability Score | 10.0 |
| Impact Score | 2.9 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Netscape Communicator 4.0 * * * * * * * � � � � 2.3 Application Netscape Communicator 4.04 * * * * * * * � � � � 2.3 Application Netscape Communicator 4.05 * * * * * * * � � � � 2.3 Application Netscape Communicator 4.5 * * * * * * * � � � � 2.3 Application Netscape Communicator 4.5_beta * * * * * * * � � � � 2.3 Application Netscape Communicator 4.06 * * * * * * * � � � � 2.3 Application Netscape Communicator 4.6 * * * * * * * � � � � 2.3 Application Netscape Communicator 4.07 * * * * * * * � � � � 2.3 Application Netscape Communicator 4.08 * * * * * * * � � � � 2.3 Application Netscape Communicator 4.51 * * * * * * * � � � � 2.3 Application Netscape Communicator 4.61 * * * * * * * � � � � 2.3 Application Netscape Communicator 4.72 * * * * * * * � � � � 2.3 Application Netscape Communicator 4.73 * * * * * * * � � � � 2.3 Application Netscape Communicator 4.74 * * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Netscape | Communicator | 4.0, 4.04, 4.05, 4.06, 4.07, 4.08, 4.5, 4.51, 4.5_beta, 4.6, 4.61, 4.72, 4.73, 4.74 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| FreeBSD-SA-00:39 | ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc | FREEBSD | |
| 20000804 Dangerous Java/Netscape Security Hole | http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html | BUGTRAQ | |
| 20000810 MDKSA-2000:033 Netscape Java vulnerability | http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html | BUGTRAQ | |
| 20000818 Conectiva Linux Security Announcement - netscape | http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html | BUGTRAQ | |
| 20000821 MDKSA-2000:036 - netscape update | http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html | BUGTRAQ | |
| CSSA-2000-027.1 | http://www.calderasystems.com/support/security/advisories/CSSA-2000-027.1.txt | CALDERA | |
| CA-2000-15 | http://www.cert.org/advisories/CA-2000-15.html | CERT | Patch Third Party Advisory US Government Resource |
| 20000823 Security Hole in Netscape, Versions 4.x, possibly others | http://www.novell.com/linux/security/advisories/suse_security_announce_60.html | SUSE | |
| RHSA-2000:054 | http://www.redhat.com/support/errata/RHSA-2000-054.html | REDHAT | |
| 1546 | http://www.securityfocus.com/bid/1546 | BID | Exploit Patch Vendor Advisory |