| Vulnerability Name: | CVE-2000-0711 (CCN-5032) | ||||||||
| Assigned: | 2000-08-06 | ||||||||
| Published: | 2000-08-06 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-00:39 Two Vulnerabilities in Netscape Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2000-027.1 Netscape java security bug Source: CCN Type: BugTraq Mailing List, Fri Aug 04 2000 - 21:04:29 CDT Dangerous Java/Netscape Security Hole Source: CCN Type: Linux-Mandrake Security Update Advisory MDKSA-2000:033 Netscape Java vulnerability Source: CCN Type: Conectiva Linux Announcement CLSA-2000:246 netscape Source: CCN Type: Linux-Mandrake Security Update Advisory MDKSA-2000:036 netscape update Source: MITRE Type: CNA CVE-1999-0660 Source: MITRE Type: CNA CVE-2000-0676 Source: MITRE Type: CNA CVE-2000-0711 Source: CCN Type: SecurityFocus.com news Beware 'Brown Orifice' Source: CCN Type: RHSA-2000:054-01 New Netscape packages fix Java security hole Source: CCN Type: CERT Advisory CA-2000-15 Netscape Allows Java Applets to Read Protected Resources Source: CERT Type: Patch, Third Party Advisory, US Government Resource CA-2000-15 Source: CCN Type: CIAC Information Bulletin K-063 Netscape - Java Vulnerability Source: CCN Type: Internet Security Systems Security Alert #58 Brown Orifice, BOHTTPD, a Platform Independent Java Vulnerability in Netscape Source: CCN Type: US-CERT VU#32231 Netscape Java Security Manager fails to prevent URLConnections through netscape.net.URLConnection Class Source: CCN Type: Netscape Communications, Inc. Web site Netscape Security Notes Source: CCN Type: National Infrastructure Protection Center Advisory 00-052 "Brown Orifice", August 9, 2000 Source: CCN Type: OSVDB ID: 1492 Multiple Vendor JVM ServerSocket Object Privilege Escalation Source: CCN Type: OSVDB ID: 1493 Netscape Multiple Protocol Java Applet File Disclosure Source: BID Type: Exploit, Patch, Vendor Advisory 1545 Source: CCN Type: BID-1545 Multiple Vendor Java Virtual Machine Listening Socket Vulnerability Source: CCN Type: BID-1546 Netscape Communicator URL Read Vulnerability Source: BUGTRAQ Type: Vendor Advisory 20000805 Dangerous Java/Netscape Security Hole Source: BUGTRAQ Type: Vendor Advisory 20000816 JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!) Source: CCN Type: SuSE Security Announcement #60 Netscape, Versions 4.x, possibly others Source: XF Type: UNKNOWN java-brownorifice(5032) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||