| Vulnerability Name: | CVE-2000-0563 (CCN-5052) | ||||||||
| Assigned: | 2000-04-16 | ||||||||
| Published: | 2000-04-16 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sun Apr 16 2000 - 18:09:04 CDT Reappearance of an old IE security bug Source: CCN Type: BugTraq Mailing List, Fri May 12 2000 - 18:38:06 CDT Re: Reappearance of an old IE security bug Source: BUGTRAQ Type: Exploit, Patch, Vendor Advisory 20000609 Security Holes Found in URLConnection of MRJ and IE of Mac OS (was Re: Reappearance of an old IE security bug) Source: MITRE Type: CNA CVE-2000-0563 Source: CCN Type: JavaHouse-Brewers Mailing List, message 33471 Warning: Security Holes Found in URLConnection of MRJ and IE of Mac OS Source: CCN Type: Apple Computer, Inc. Web site Apple-Products-Mac OS-Java Source: CCN Type: OSVDB ID: 7038 Mac OS Runtime Java URLConnection Arbitrary Host Access Source: BID Type: UNKNOWN 1336 Source: CCN Type: BID-1336 Multiple Vendors java.net.URLConnection Applet Direct Connection Vulnerability Source: BUGTRAQ Type: UNKNOWN 20000513 Re: Reappearance of an old IE security bug Source: XF Type: UNKNOWN macos-java-security-ignored(5052) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||