PT-1999-1678 · Netscape · Netscape Communicator

Publicado

1999-10-05

Atualizado

2016-10-18

CVE-1999-1357

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Netscape Communicator versions 4.04 through 4.7

Description: The issue allows remote attackers to attack other clients via cross-site scripting in CGI programs that do not filter certain characters. Specifically, Netscape Communicator converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign.

Recommendations: For Netscape Communicator versions 4.04 through 4.7, consider filtering the 0x8b and 0x9b characters in CGI programs to prevent cross-site scripting attacks. As a temporary workaround, restrict the use of CGI programs that do not filter these characters until a more permanent solution is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-1999-1357

Produtos afetados

Netscape Communicator

PT-1999-1678 · Netscape · Netscape Communicator

CVE-1999-1357

Identificadores relacionados

Produtos afetados

Referências · 2