Vulnerability Details CVE-2004-0826
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 85.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=109351293827731&w=2
- http://www.securityfocus.com/bid/11015
- http://xforce.iss.net/xforce/alerts/id/180
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16314
- http://marc.info/?l=bugtraq&m=109351293827731&w=2
- http://www.securityfocus.com/bid/11015
- http://xforce.iss.net/xforce/alerts/id/180
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16314
Products affected by CVE-2004-0826
-
cpe:2.3:a:mozilla:network_security_services:3.2
-
cpe:2.3:a:mozilla:network_security_services:3.2.1
-
cpe:2.3:a:mozilla:network_security_services:3.3
-
cpe:2.3:a:mozilla:network_security_services:3.3.1
-
cpe:2.3:a:mozilla:network_security_services:3.3.2
-
cpe:2.3:a:mozilla:network_security_services:3.4
-
cpe:2.3:a:mozilla:network_security_services:3.4.1
-
cpe:2.3:a:mozilla:network_security_services:3.4.2
-
cpe:2.3:a:mozilla:network_security_services:3.5
-
cpe:2.3:a:mozilla:network_security_services:3.6
-
cpe:2.3:a:mozilla:network_security_services:3.6.1
-
cpe:2.3:a:mozilla:network_security_services:3.7
-
cpe:2.3:a:mozilla:network_security_services:3.7.1
-
cpe:2.3:a:mozilla:network_security_services:3.7.2
-
cpe:2.3:a:mozilla:network_security_services:3.7.3
-
cpe:2.3:a:mozilla:network_security_services:3.7.5
-
cpe:2.3:a:mozilla:network_security_services:3.7.7
-
cpe:2.3:a:mozilla:network_security_services:3.8
-
cpe:2.3:a:mozilla:network_security_services:3.9
-
cpe:2.3:a:netscape:certificate_server:1.0
-
cpe:2.3:a:netscape:certificate_server:4.2
-
cpe:2.3:a:netscape:directory_server:1.3
-
cpe:2.3:a:netscape:directory_server:3.1
-
cpe:2.3:a:netscape:directory_server:3.12
-
cpe:2.3:a:netscape:directory_server:4.1
-
cpe:2.3:a:netscape:directory_server:4.11
-
cpe:2.3:a:netscape:directory_server:4.13
-
cpe:2.3:a:netscape:enterprise_server:2.0
-
cpe:2.3:a:netscape:enterprise_server:2.0.1c
-
cpe:2.3:a:netscape:enterprise_server:2.0a
-
cpe:2.3:a:netscape:enterprise_server:3.0
-
cpe:2.3:a:netscape:enterprise_server:3.0.1
-
cpe:2.3:a:netscape:enterprise_server:3.0.1b
-
cpe:2.3:a:netscape:enterprise_server:3.0.7a
-
cpe:2.3:a:netscape:enterprise_server:3.0l
-
cpe:2.3:a:netscape:enterprise_server:3.1
-
cpe:2.3:a:netscape:enterprise_server:3.2
-
cpe:2.3:a:netscape:enterprise_server:3.3
-
cpe:2.3:a:netscape:enterprise_server:3.4
-
cpe:2.3:a:netscape:enterprise_server:3.5
-
cpe:2.3:a:netscape:enterprise_server:3.5.1
-
cpe:2.3:a:netscape:enterprise_server:3.6
-
cpe:2.3:a:netscape:enterprise_server:4.0
-
cpe:2.3:a:netscape:enterprise_server:4.1
-
cpe:2.3:a:netscape:enterprise_server:4.1.1
-
cpe:2.3:a:netscape:enterprise_server:5.0
-
cpe:2.3:a:netscape:personalization_engine:-
-
cpe:2.3:a:sun:java_enterprise_system:2003q4
-
cpe:2.3:a:sun:java_enterprise_system:2004q2
-
cpe:2.3:a:sun:java_system_application_server:7.0
-
cpe:2.3:a:sun:java_system_application_server:7.1
-
cpe:2.3:a:sun:one_application_server:6.0
-
cpe:2.3:a:sun:one_web_server:4.1
-
cpe:2.3:a:sun:one_web_server:6.0
-
cpe:2.3:a:sun:one_web_server:6.1
-
cpe:2.3:o:hp:hp-ux:11.00
-
cpe:2.3:o:hp:hp-ux:11.11
-
cpe:2.3:o:hp:hp-ux:11.23