CVE-2000-0960

Published: Dec 19, 2000Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.

Affected (3)

Products: Netscape: Messaging Server

1 product

Messaging Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Netscape Messaging Server	Version 4.15
Netscape Messaging Server	Version 4.15 patch1
Netscape Messaging Server	Version 4.15 patch2

References (6)

http://marc.info/?l=bugtraq&m=97138100426121&w=2

Source: cve@mitre.org

http://www.securityfocus.com/bid/1787

Source: cve@mitre.org

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/5364

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=97138100426121&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/1787

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/5364

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.