| Vulnerability Name: | CVE-2000-1187 (CCN-5542) | ||||||||
| Assigned: | 2000-11-06 | ||||||||
| Published: | 2000-11-06 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-00:66 Client vulnerability in Netscape Source: FREEBSD Type: Patch, Vendor Advisory FreeBSD-SA-00:66 Source: CCN Type: Conectiva Linux Announcement CLSA-2000:344 netscape: Remote buffer overflow Source: CCN Type: Immunix OS Security Advisory IMNX-2000-70-008-01 netscape Source: MITRE Type: CNA CVE-2000-1187 Source: CONECTIVA Type: UNKNOWN CLSA-2000:344 Source: SUSE Type: UNKNOWN SuSE-SA:2000:48 Source: BUGTRAQ Type: UNKNOWN 20001121 Immunix OS Security update for netscape Source: CCN Type: RHSA-2000-109 New Netscape packages available Source: CCN Type: CIAC Information Bulletin L-022 Red Hat Linux Netscape HTML Buffer Overflow Source: CCN Type: TurboLinux Security Announcement TLSA2000020-2 netscape-communicator-4.76-5 Source: OSVDB Type: UNKNOWN 7207 Source: CCN Type: OSVDB ID: 7207 Netscape HTML Parser Long Password Overflow Source: REDHAT Type: Patch, Vendor Advisory RHSA-2000:109 Source: CCN Type: SuSE Security Announcement SuSE-SA:2000:048 netscape Source: CCN Type: MandrakeSoft Security Advisory MDKSA-2000:080 netscape Source: XF Type: UNKNOWN netscape-client-html-bo(5542) Source: XF Type: UNKNOWN netscape-client-html-bo(5542) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||