Netscape Communicator长参数漏洞

漏洞信息详情

Netscape Communicator长参数漏洞

• CNNVD编号：CNNVD-199911-070
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-1189
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  1999-11-24
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-13
  
• 厂        商：
  
  netscape
• 漏洞来源：
  Posted to bugtraq …

Windows 95 和 Windows 98的Netscape Navigator/Communicator 4.7存在缓冲区溢出漏洞。远程攻击者可以利用以 .asp， .cgi， .html， 或.pl文件作为参考的URL中？字符后的长参数引起服务拒绝以及可能执行任意指令。

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
It seems Netscape has quietly fixed the vulnerability in the version of the software available for download from their web site. Notice that they have not changed the version number (4.7) or that they have informed their customers.

来源: BID
名称: 822
链接:http://www.securityfocus.com/bid/822

来源: XF
名称: netscape-long-argument-bo(7884)
链接:http://xforce.iss.net/xforce/xfdb/7884

来源: BUGTRAQ
名称: 19991127 Netscape Communicator 4.7 – Navigator Overflows
链接:http://www.securityfocus.com/archive/1/36608

来源: BUGTRAQ
名称: 19991124 Netscape Communicator 4.7 – Navigator Overflows
链接:http://www.securityfocus.com/archive/1/36306