CVE-2000-0237 — Enterprise Server vulnerability

3 documents3 sources

Severity

6.4MEDIUMNVD

EPSS

0.4%

top 36.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netscape Enterprise Server

Timeline

PublishedMar 11

Latest updateApr 30

Description

Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDnetscape/enterprise_server3.5, 3.6+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-r6v6-fr35-cgf3: Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher dire↗2022-04-30

▶

CVEList

CVE-2000-0237: Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher dire↗2000-10-13

▶