CVE-2000-0406
published 2000-05-10CVE-2000-0406: Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by…
PriorityP48low2.6CVSS 2.0
AVNACHAuNCPINAN
EPSS
1.03%
59.3th percentile
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netscape | communicator | — | — |
| netscape | communicator | — | — |
| netscape | communicator | — | — |
| netscape | communicator | — | — |
| netscape | communicator | — | — |
| netscape | communicator | — | — |
| netscape | communicator | — | — |
| netscape | communicator | — | — |
| netscape | communicator | — | — |
| netscape | communicator | — | — |
| netscape | communicator | — | — |
CVSS provenance
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
vendor_redhat2.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2000-05-12·CVSS 2.6
CVE-2000-0406 [LOW] security flaw
security flaw
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
Statement: This issue was fixed in the following products:
- Red Hat Linux 5.0 - RHSA-2000:028 (2000-05-19)
- Red Hat Linux 5.1 - RHSA-2000:028 (2000-05-19)
- Red Hat Linux 5.2 - RHSA-2000:028 (2000-05-19)
- Red Hat Linux 6.0 - RHSA-2000:028 (2000-05-19)
- Red Hat Linux 6.1 - RHSA-2000:028 (2000-05-19)
- Red Hat Linux 6.2 - RHSA-2000:028 (2000-05-19)
GHSA
GHSA-4x6c-6ppx-5vjq: Netscape Communicator before version 4
ghsa_unreviewed·2022-04-30
CVE-2000-0406 [LOW] GHSA-4x6c-6ppx-5vjq: Netscape Communicator before version 4
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
No detection rules found.
No public exploits indexed.
http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txthttp://www.cert.org/advisories/CA-2000-05.htmlhttp://www.redhat.com/support/errata/RHSA-2000-028.htmlhttp://www.securityfocus.com/bid/1188http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txthttp://www.cert.org/advisories/CA-2000-05.htmlhttp://www.redhat.com/support/errata/RHSA-2000-028.htmlhttp://www.securityfocus.com/bid/1188
2000-05-10
Published