Vulnerability in Hp Hp-ux
CVE-2004-0826
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
EPSS: 0.225 (97.4th percentile) — read the EPSS interpretation.
Affected products
- Hp Hp-ux — versions 11.00, 11.11, 11.23
- Mozilla Network_security_services — versions 3.2, 3.2.1, 3.3
- Netscape Certificate_server — versions 1.0, 4.2
- Netscape Directory_server — versions 1.3, 3.1, 3.12
- Netscape Enterprise_server — versions 2.0, 2.0.1c, 2.0a
- Netscape Personalization_engine
- Sun Java_enterprise_system — versions 2003q4, 2004q2
- Sun Java_system_application_server — versions 7.0, 7.1
- Sun One_application_server — versions 6.0
- Sun One_web_server — versions 4.1, 6.0, 6.1
References
- cve@mitre.org (Patch, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_ISS, Patch, Vendor Advisory, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_HP, vendor-advisory)