PT-1999-1678 · Netscape · Netscape Communicator

Published

1999-10-05

Updated

2016-10-18

CVE-1999-1357

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Netscape Communicator versions 4.04 through 4.7

Description: The issue allows remote attackers to attack other clients via cross-site scripting in CGI programs that do not filter certain characters. Specifically, Netscape Communicator converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign.

Recommendations: For Netscape Communicator versions 4.04 through 4.7, consider filtering the 0x8b and 0x9b characters in CGI programs to prevent cross-site scripting attacks. As a temporary workaround, restrict the use of CGI programs that do not filter these characters until a more permanent solution is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-1357

Affected Products

Netscape Communicator

PT-1999-1678 · Netscape · Netscape Communicator

CVE-1999-1357

Related Identifiers

Affected Products

References · 2