Vulnerability Description
The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netscape | Messaging Server | 4.15 |
References
- http://marc.info/?l=bugtraq&m=97138100426121&w=2
- http://www.securityfocus.com/bid/1787ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5364
- http://marc.info/?l=bugtraq&m=97138100426121&w=2
- http://www.securityfocus.com/bid/1787ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5364
FAQ
What is CVE-2000-0960?
CVE-2000-0960 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on th...
How severe is CVE-2000-0960?
CVE-2000-0960 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0960?
Check the references section above for vendor advisories and patch information. Affected products include: Netscape Messaging Server.