Lucene search
HistoryJan 22, 2001 - 5:00 a.m.
CVE-2000-0960
cve-2000-0960
netscape messaging server
pop3 server
email harvesting
spam abuse
security flaw
6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.3%
The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.
Affected configurations
Node
netscapemessaging_serverMatch4.15
ORnetscapemessaging_serverMatch4.15patch1
ORnetscapemessaging_serverMatch4.15patch2
| CPE | Name | Operator | Version |
|---|---|---|---|
| netscape:messaging_server | netscape messaging server | eq | 4.15 |
Related
nvd
nvd
CVE-2000-0960
2000-12-19 05:00:00
nessus
nessus
Netscape Messenging Server POP3 Error Message User Account Enumeration
2001-05-29 00:00:00
cvelist
cvelist
CVE-2000-0960
2001-01-22 05:00:00
6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.3%
Related for CVE-2000-0960