Vulnerability Name: CVE-2000-0406 (CCN-4474)

Assigned: 2000-05-10
Published: 2000-05-10
Updated: 2008-09-10
Summary: Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): None
  Availability (A): None
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): High
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): High
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:

Source: CCN
Type: ACROS Security Problem Report #2000-04-06-1-PUB
Bypassing Warnings For Invalid SSL Certificates In Netscape Navigator

Source: MITRE
Type: CNA
CVE-2000-0406

Source: CCN
Type: Netscape Communications, Inc. Web site
Netscape Products

Source: CCN
Type: Netscape Security Notes
The Acros-Suencksen SSL Vulnerability

Source: CCN
Type: RHSA-2000:028-02
netscape SSL telnet rlogin

Source: MISC
Type: UNKNOWN
http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt

Source: CCN
Type: CERT Advisory CA-2000-05
Netscape Navigator Improperly Validates SSL Sessions

Source: CERT
Type: Third Party Advisory, US Government Resource
CA-2000-05

Source: CCN
Type: CIAC Information Bulletin K-040
Netscape Navigator Improperly Validates SSL Sessions

Source: CCN
Type: OSVDB ID: 1321
Netscape Navigator and Communicator Invalid SSL Certificate Warning Bypass

Source: REDHAT
Type: UNKNOWN
RHSA-2000:028

Source: BID
Type: UNKNOWN
1188

Source: CCN
Type: BID-1188
Netscape Navigator and Communicator Invalid SSL Certificate Warning Bypass Vulnerability

Source: CCN
Type: FedCIRC Advisory FA-2000-05
Netscape Navigator Improperly Validates SSL Sessions

Source: XF
Type: UNKNOWN
netscape-invalid-ssl-sessions(4474)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:netscape:communicator:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.05:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.5_beta:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.06:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.6:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.07:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.7:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.51:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.61:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.72:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:netscape:communicator:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.05:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.51:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.6:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.61:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.06:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.7:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.07:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.5_beta:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:4.72:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:4.01:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:4.02:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:4.03:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:4.04:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:4.05:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:4.06:*:*:*:*:*:*:*
