CVE-2000-0517

3 documents3 sources
Severity
5.0MEDIUM
EPSS
1.0%
top 23.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netscape Communicator
Timeline
PublishedMay 26
Latest updateApr 30

Description

Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDnetscape/communicator8 versions+7

Patches

Patch: www.cert.orgPatch: www.securityfocus.comPatch: www.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-h63x-8w34-4hj2: Netscape 42022-04-30
CVEList
CVE-2000-0517: Netscape 42000-10-13
CVE-2000-0517 (MEDIUM CVSS 5) | Netscape 4.73 and earlier does not | cvebase.io