CVE Catalog

CVE-2000-0406

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.03%

59th percentile — higher than 59% of all known CVEs

Summary

Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, allowing remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server.

Risk Assessment

Organizations may be exposed to data theft, leading to loss of confidentiality and potential financial losses.

Recommendation

It is recommended to upgrade to the latest version of Netscape Communicator or Navigator to ensure proper SSL certificate validation.

Original NVD description (English source)

Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS