Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0711

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2000-0711
Last Modified 05 Sep 2008 04:21:42
Published 20 Oct 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0711

Summary

Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

Vulnerable Systems

Application

  • Microsoft Virtual Machine 2000

  • Microsoft Virtual Machine 3100

  • Microsoft Virtual Machine 3200

  • Microsoft Virtual Machine 3300

  • Netscape Communicator 4.0

  • Netscape Communicator 4.04

  • Netscape Communicator 4.05

  • Netscape Communicator 4.06

  • Netscape Communicator 4.07

  • Netscape Communicator 4.08

  • Netscape Communicator 4.5

  • Netscape Communicator 4.51

  • Netscape Communicator 4.6

  • Netscape Communicator 4.61

  • Netscape Communicator 4.7

  • Netscape Communicator 4.72

  • Netscape Communicator 4.73

  • Netscape Communicator 4.74


References

CERT - CA-2000-15

BID - 1545

BUGTRAQ - 20000816 JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!)

BUGTRAQ - 20000805 Dangerous Java/Netscape Security Hole


Last Updated: 27 May 2016 10:35:50