CVE-2000-0406 - CVE Details

Description

Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.

Severity

Overall Severity: N/A

CVSS Metrics

Type	Score	Severity	Vector

Affected Products

netscape - communicator

Affected Versions:

netscape - communicator

Affected Versions:

4.05

netscape - communicator

Affected Versions:

netscape - communicator

Affected Versions:

4.5_beta

netscape - communicator

Affected Versions:

4.06

netscape - communicator

Affected Versions:

netscape - communicator

Affected Versions:

4.07

netscape - communicator

Affected Versions:

netscape - communicator

Affected Versions:

4.51

netscape - communicator

Affected Versions:

4.61

netscape - communicator

Affected Versions:

4.72

References

http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt
http://www.cert.org/advisories/CA-2000-05.html
Third Party AdvisoryUS Government Resource
http://www.redhat.com/support/errata/RHSA-2000-028.html
http://www.securityfocus.com/bid/1188
http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt
http://www.cert.org/advisories/CA-2000-05.html
Third Party AdvisoryUS Government Resource
http://www.redhat.com/support/errata/RHSA-2000-028.html
http://www.securityfocus.com/bid/1188