Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1357

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-1999-1357
Last Modified 05 Sep 2008 04:19:19
Published 05 Oct 1999 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-1999-1357

Summary

Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.

Vulnerable Systems

Application

  • Netscape Communicator 4.04

  • Netscape Communicator 4.51

  • Netscape Communicator 4.7


References

BUGTRAQ - 19991005 Time to update those CGIs again


Last Updated: 27 May 2016 10:35:23