| Vulnerability Name: | CVE-2000-0676 (CCN-5032) | ||||||||
| Assigned: | 2000-08-06 | ||||||||
| Published: | 2000-08-06 | ||||||||
| Updated: | 2008-09-10 | ||||||||
| Summary: | Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-00:39 Two Vulnerabilities in Netscape Source: FREEBSD Type: UNKNOWN FreeBSD-SA-00:39 Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2000-027.1 Netscape java security bug Source: BUGTRAQ Type: UNKNOWN 20000804 Dangerous Java/Netscape Security Hole Source: CCN Type: BugTraq Mailing List, Fri Aug 04 2000 - 21:04:29 CDT Dangerous Java/Netscape Security Hole Source: BUGTRAQ Type: UNKNOWN 20000810 MDKSA-2000:033 Netscape Java vulnerability Source: CCN Type: Linux-Mandrake Security Update Advisory MDKSA-2000:033 Netscape Java vulnerability Source: CCN Type: Conectiva Linux Announcement CLSA-2000:246 netscape Source: BUGTRAQ Type: UNKNOWN 20000818 Conectiva Linux Security Announcement - netscape Source: BUGTRAQ Type: UNKNOWN 20000821 MDKSA-2000:036 - netscape update Source: CCN Type: Linux-Mandrake Security Update Advisory MDKSA-2000:036 netscape update Source: MITRE Type: CNA CVE-1999-0660 Source: MITRE Type: CNA CVE-2000-0676 Source: MITRE Type: CNA CVE-2000-0711 Source: CCN Type: SecurityFocus.com news Beware 'Brown Orifice' Source: CCN Type: RHSA-2000:054-01 New Netscape packages fix Java security hole Source: CALDERA Type: UNKNOWN CSSA-2000-027.1 Source: CCN Type: CERT Advisory CA-2000-15 Netscape Allows Java Applets to Read Protected Resources Source: CERT Type: Patch, Third Party Advisory, US Government Resource CA-2000-15 Source: CCN Type: CIAC Information Bulletin K-063 Netscape - Java Vulnerability Source: CCN Type: Internet Security Systems Security Alert #58 Brown Orifice, BOHTTPD, a Platform Independent Java Vulnerability in Netscape Source: CCN Type: US-CERT VU#32231 Netscape Java Security Manager fails to prevent URLConnections through netscape.net.URLConnection Class Source: CCN Type: Netscape Communications, Inc. Web site Netscape Security Notes Source: CCN Type: National Infrastructure Protection Center Advisory 00-052 "Brown Orifice", August 9, 2000 Source: SUSE Type: UNKNOWN 20000823 Security Hole in Netscape, Versions 4.x, possibly others Source: CCN Type: OSVDB ID: 1492 Multiple Vendor JVM ServerSocket Object Privilege Escalation Source: CCN Type: OSVDB ID: 1493 Netscape Multiple Protocol Java Applet File Disclosure Source: REDHAT Type: UNKNOWN RHSA-2000:054 Source: CCN Type: BID-1545 Multiple Vendor Java Virtual Machine Listening Socket Vulnerability Source: BID Type: Exploit, Patch, Vendor Advisory 1546 Source: CCN Type: BID-1546 Netscape Communicator URL Read Vulnerability Source: CCN Type: SuSE Security Announcement #60 Netscape, Versions 4.x, possibly others Source: XF Type: UNKNOWN java-brownorifice(5032) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||