Vulnerability Description
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netscape | Communicator | 4.0 |
References
- http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt
- http://www.cert.org/advisories/CA-2000-05.htmlThird Party AdvisoryUS Government Resource
- http://www.redhat.com/support/errata/RHSA-2000-028.html
- http://www.securityfocus.com/bid/1188
- http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt
- http://www.cert.org/advisories/CA-2000-05.htmlThird Party AdvisoryUS Government Resource
- http://www.redhat.com/support/errata/RHSA-2000-028.html
- http://www.securityfocus.com/bid/1188
FAQ
What is CVE-2000-0406?
CVE-2000-0406 is a vulnerability with a CVSS score of 2.6 (LOW). Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web ...
How severe is CVE-2000-0406?
CVE-2000-0406 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0406?
Check the references section above for vendor advisories and patch information. Affected products include: Netscape Communicator.