CVE-2000-0406

Description

Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.

Affected products

• netscape / communicator4.0 – 4.0
• netscape / communicator4.05 – 4.05
• netscape / communicator4.5 – 4.5
• netscape / communicator4.5_beta – 4.5_beta
• netscape / communicator4.06 – 4.06
• netscape / communicator4.6 – 4.6
• netscape / communicator4.07 – 4.07
• netscape / communicator4.7 – 4.7
• netscape / communicator4.51 – 4.51
• netscape / communicator4.61 – 4.61
• netscape / communicator4.72 – 4.72

References

• MISChttp://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt
• MISChttp://www.redhat.com/support/errata/RHSA-2000-028.html
• VENDOR_ADVISORYhttp://www.cert.org/advisories/CA-2000-05.html
• MISChttp://www.securityfocus.com/bid/1188