Vulnerability Name:
CVE-1999-0853 (CCN-3586)
Assigned:
1999-12-01
Published:
1999-12-01
Updated:
2008-09-09
Summary:
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
CVSS v3 Severity:
10.0 Critical
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
10.0 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
10.0 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-1999-0853
Source: CCN
Type: iPlanet Downloads Web site
iPlanet Download Page
Source: CCN
Type: Internet Security Systems Security Alert #39
Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure
Source: CCN
Type: OSVDB ID: 1153
Netscape Enterprise / FastTrack HTTP Basic Authentication Procedure Remote Overflow
Source: BID
Type: UNKNOWN
847
Source: CCN
Type: BID-847
Netscape Enterprise & FastTrack Authentication Buffer Overflow Vulnerability
Source: CCN
Type: BID-865
Netscape Enterprise Server for NetWare Admin Buffer Overflow Vulnerability
Source: XF
Type: UNKNOWN
netscape-fasttrack-auth-bo(3586)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:netscape:enterprise_server:3.5.1:*:*:*:*:*:*:*
OR
cpe:/a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*
OR
cpe:/a:netscape:enterprise_server:3.6:sp2:*:*:*:*:*:*
OR
cpe:/a:netscape:fasttrack_server:3.01:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:netscape:enterprise_server:3.5.1:*:*:*:*:*:*:*
OR
cpe:/a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*
OR
cpe:/a:netscape:enterprise_server:3.6:sp2:*:*:*:*:*:*
OR
cpe:/a:netscape:fasttrack_server:3.01:*:*:*:*:*:*:*
AND
cpe:/o:ibm:aix:*:*:*:*:*:*:*:*
OR
cpe:/o:windriver:bsdos:*:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:*:*:*:*:*:*:*:*
OR
cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
OR
cpe:/o:sun:solaris:*:*:*:*:*:*:*:*
OR
cpe:/o:ibm:os2:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_95:*:*:*:*:*:*:*:*
OR
cpe:/a:data_general:dg_ux:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*
OR
cpe:/a:novell:netware:*:*:*:*:*:*:*:*
OR
cpe:/o:sco:unix:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
OR
cpe:/o:cisco:ios:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*
OR
cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*
OR
cpe:/o:apple:mac_os:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
netscape
enterprise server 3.5.1
netscape
enterprise server 3.6
netscape
enterprise server 3.6 sp2
netscape
fasttrack server 3.01
netscape
enterprise server 3.5.1
netscape
enterprise server 3.6
netscape
enterprise server 3.6 sp2
netscape
fasttrack server 3.01
ibm
aix *
windriver
bsdos *
hp
hp-ux *
sgi
irix *
linux
linux kernel *
sun
solaris *
ibm
os2 *
microsoft
windows 95 *
data_general
dg ux *
microsoft
windows nt 4.0
microsoft
windows 98 *
novell
netware *
sco
unix *
microsoft
windows 98se *
microsoft
windows 2000 *
cisco
ios *
microsoft
windows me *
compaq
tru64 *
microsoft
windows xp
apple
mac os *
microsoft
windows 2003_server