漏洞信息详情
Netscape Navigator 和Communicator无效SSL证书警告旁路漏洞
- CNNVD编号:CNNVD-200005-038
- 危害等级: 低危
- CVE编号: CVE-2000-0406
- 漏洞类型: 设计错误
- 发布时间: 2000-05-10
- 威胁类型: 远程
- 更新时间: 2005-10-12
- 厂 商: netscape
- 漏洞来源:
漏洞简介
Netscape Communicator4.73以前的版本和Navigator 4.07没有正确处理无效SSL证书,存在漏洞,远程攻击者可以通过重定向合法web服务器到自身恶意服务器窃取信息,也称\"Acros-Suencksen SSL\" 漏洞。
漏洞公告
Upgrading to Netscape Communicator 4.73 will solve this problem. Netscape has also made an application they call the "personal security manager", or PSM, to remedy this problem on older versions. It is available at http://www.iplanet.com/downloads/download/detail_128_316.HTML Redhat users can install the following RPMs: ftp://ftp.redhat.com/5.2/i386/netscape-common-4.73-0.5.2.i386.rpm ftp://ftp.redhat.com/5.2/i386/netscape-navigator-4.73-0.5.2.i386.rpm ftp://ftp.redhat.com/5.2/i386/netscape-communicator-4.73-0.5.2.i386.rpm ftp://ftp.redhat.com/6.2/i386/netscape-common-4.73-1.i386.rpm ftp://ftp.redhat.com/6.2/i386/netscape-navigator-4.73-1.i386.rpm ftp://ftp.redhat.com/6.2/i386/netscape-communicator-4.73-1.i386.rpm ftp://ftp.redhat.com/6.2/alpha/netscape-common-4.73-1.alpha.rpm ftp://ftp.redhat.com/6.2/alpha/netscape-navigator-4.73-1.alpha.rpm ftp://ftp.redhat.com/6.2/alpha/netscape-communicator-4.73-1.alpha.rpm
参考网址
来源:CERT/CC Advisory: CA-2000-05 名称: CA-2000-05 链接:http://www.cert.org/advisories/CA-2000-05.HTML 来源: BID 名称: 1188 链接:http://www.securityfocus.com/bid/1188 来源: REDHAT 名称: RHSA-2000:028 链接:http://www.redhat.com/support/errata/RHSA-2000-028.HTML 来源: www.acrossecurity.com 链接:http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt
受影响实体
- Netscape Communicator:4.0
- Netscape Communicator:4.05
- Netscape Communicator:4.06
- Netscape Communicator:4.07
- Netscape Communicator:4.5
补丁
暂无
评论