Lucene search

MitreCVE-2002-1204

HistoryNov 29, 2002 - 5:00 a.m.

CVE-2002-1204

2002-11-2905:00:00

mitre

web.nvd.nist.gov

netscape communicator

4.x

vulnerability

theft

user preferences

cve-2002-1204

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

72.1%

JSON

Netscape Communicator 4.x allows attackers to use a link to steal a user’s preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.

Affected configurations

Nvd

Node

netscapecommunicatorMatch4.6

netscapecommunicatorMatch4.7

netscapecommunicatorMatch4.61

netscapecommunicatorMatch4.72

netscapecommunicatorMatch4.73

netscapecommunicatorMatch4.74

netscapecommunicatorMatch4.75

netscapecommunicatorMatch4.76

netscapecommunicatorMatch4.77

netscapecommunicatorMatch4.78

VendorProductVersionCPE
netscapecommunicator4.6cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*
netscapecommunicator4.7cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*
netscapecommunicator4.61cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*
netscapecommunicator4.72cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*
netscapecommunicator4.73cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*
netscapecommunicator4.74cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*
netscapecommunicator4.75cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*
netscapecommunicator4.76cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*
netscapecommunicator4.77cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*
netscapecommunicator4.78cpe:2.3:a:netscape:communicator:4.78:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netscape	communicator	4.6	cpe:2.3:a:netscape:communicator:4.6:::::::*
netscape	communicator	4.7	cpe:2.3:a:netscape:communicator:4.7:::::::*
netscape	communicator	4.61	cpe:2.3:a:netscape:communicator:4.61:::::::*
netscape	communicator	4.72	cpe:2.3:a:netscape:communicator:4.72:::::::*
netscape	communicator	4.73	cpe:2.3:a:netscape:communicator:4.73:::::::*
netscape	communicator	4.74	cpe:2.3:a:netscape:communicator:4.74:::::::*
netscape	communicator	4.75	cpe:2.3:a:netscape:communicator:4.75:::::::*
netscape	communicator	4.76	cpe:2.3:a:netscape:communicator:4.76:::::::*
netscape	communicator	4.77	cpe:2.3:a:netscape:communicator:4.77:::::::*
netscape	communicator	4.78	cpe:2.3:a:netscape:communicator:4.78:::::::*

References

archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html

www.idefense.com/advisory/11.19.02c.txt

www.iss.net/security_center/static/10655.php

www.securityfocus.com/bid/6215

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

72.1%

JSON

Related for CVE-2002-1204