Shodan
Vulnerabilities
Vulnerable Software
Netscape:  >> Communicator  >> 4.7  Security Vulnerabilities
CVE-2000-0406
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
CVSS Score
2.6
EPSS Score
0.007
Published
2000-05-10
CVE-2000-0409
Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.
CVSS Score
3.7
EPSS Score
0.001
Published
2000-05-10
CVE-1999-1002
Netscape Navigator uses weak encryption for storing a user's Netscape mail password.
CVSS Score
5.0
EPSS Score
0.003
Published
2000-01-12
CVE-2000-0087
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
CVSS Score
5.0
EPSS Score
0.008
Published
2000-01-12
CVE-2000-0034
Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."
CVSS Score
5.0
EPSS Score
0.006
Published
1999-12-22
CVE-1999-1189
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
CVSS Score
7.5
EPSS Score
0.024
Published
1999-11-24
CVE-1999-1226
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
CVSS Score
2.6
EPSS Score
0.005
Published
1999-10-28
CVE-1999-1357
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
CVSS Score
7.5
EPSS Score
0.012
Published
1999-10-05
CVE-1999-0537
A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.
CVSS Score
7.5
EPSS Score
0.009
Published
1998-04-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved