Vulnerability Name:

CVE-2000-0889

Assigned:2000-10-24
Published:2000-10-24
Updated:2005-10-20
Summary:Two Sun security certificates have been compromised, which could allow attackers to insert malicious code such as applets and make it appear that it is signed by Sun.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
References:Source: SUN
Type: VENDOR_ADVISORY
00198

Source: CERT
Type: VENDOR_ADVISORY
CA-2000-19

Source: XF
Type: UNKNOWN
sun-compromised-certificate(5404)

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:microsoft:ie:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:communicator:2.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    microsoft ie 3.0
    netscape communicator 2.0