CVE-2000-0960
Summary
| CVE | CVE-2000-0960 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2000-12-19 05:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse. |
Risk And Classification
Primary CVSS: v2.0 5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:N/A:N
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Netscape | Messaging Server | 4.15 | All | All | All |
| Application | Netscape | Messaging Server | 4.15 | patch1 | All | All |
| Application | Netscape | Messaging Server | 4.15 | patch2 | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Netscape Messaging Server Email Address Verification Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Exploit, Vendor Advisory |
| 'Netscape Messaging server 4.15 poor error strings' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.