ID CVE-2004-0826
Summary Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:certificate_server:1.0:patch1:*:*:*:*:*:*
    cpe:2.3:a:netscape:certificate_server:1.0:patch1:*:*:*:*:*:*
  • cpe:2.3:a:netscape:certificate_server:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:certificate_server:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:directory_server:1.3:patch5:*:*:*:*:*:*
    cpe:2.3:a:netscape:directory_server:1.3:patch5:*:*:*:*:*:*
  • cpe:2.3:a:netscape:directory_server:3.1:patch1:*:*:*:*:*:*
    cpe:2.3:a:netscape:directory_server:3.1:patch1:*:*:*:*:*:*
  • cpe:2.3:a:netscape:directory_server:3.12:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:directory_server:3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:directory_server:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:directory_server:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:directory_server:4.11:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:directory_server:4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:directory_server:4.13:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:directory_server:4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:2.0.1c:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:2.0.1c:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:2.0a:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:2.0a:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.0.1b:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.0.1b:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.0.7a:*:netware:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.0.7a:*:netware:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.0l:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.0l:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.5:*:solaris:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.5:*:solaris:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.6:*:solaris:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.6:*:solaris:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.6:sp1:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.6:sp1:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.6:sp2:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.6:sp2:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:3.6:sp3:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:3.6:sp3:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:4.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:4.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:4.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:4.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:4.1:sp5:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:4.1:sp5:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:4.1:sp6:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:4.1:sp6:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:4.1:sp7:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:4.1:sp7:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:4.1:sp8:*:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:4.1:sp8:*:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:4.1.1:*:netware:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:4.1.1:*:netware:*:*:*:*:*
  • cpe:2.3:a:netscape:enterprise_server:5.0:*:netware:*:*:*:*:*
    cpe:2.3:a:netscape:enterprise_server:5.0:*:netware:*:*:*:*:*
  • cpe:2.3:a:netscape:personalization_engine:*:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:personalization_engine:*:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:java_enterprise_system:2003q4:*:*:*:*:*:*:*
    cpe:2.3:a:sun:java_enterprise_system:2003q4:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:java_enterprise_system:2004q2:*:*:*:*:*:*:*
    cpe:2.3:a:sun:java_enterprise_system:2004q2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:java_system_application_server:7.0:*:enterprise:*:*:*:*:*
    cpe:2.3:a:sun:java_system_application_server:7.0:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*
    cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*
  • cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*
    cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*
  • cpe:2.3:a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*
    cpe:2.3:a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*
  • cpe:2.3:a:sun:java_system_application_server:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:java_system_application_server:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp13:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp13:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp14:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp14:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.0:sp7:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:6.0:sp7:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.0:sp8:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:6.0:sp8:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:sun:one_web_server:6.1:sp2:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 11015
hp SSRT4779
iss 20040823 Netscape NSS Library Remote Compromise
xf sslv2-client-hello-overflow(16314)
Last major update 11-07-2017 - 01:30
Published 31-12-2004 - 05:00
Back to Top