Lucene search

[email protected]CVE-2005-0316

HistoryFeb 10, 2005 - 5:00 a.m.

CVE-2005-0316

2005-02-1005:00:00

[email protected]

web.nvd.nist.gov

cve-2005-0316

webwasher classic

server mode

connect requests

access restrictions

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.051 Low

EPSS

Percentile

93.0%

JSON

WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.

Affected configurations

NVD

Node

webwasherwebwasher_classicMatch2.2.1

webwasherwebwasher_classicMatch3.3

CPENameOperatorVersion
webwasher:webwasher_classicwebwasher webwasher classiceq2.2.1
webwasher:webwasher_classicwebwasher webwasher classiceq3.3

CPE	Name	Operator	Version
webwasher:webwasher_classic	webwasher webwasher classic	eq	2.2.1
webwasher:webwasher_classic	webwasher webwasher classic	eq	3.3

References

marc.info/?l=bugtraq&m=110693045507245&w=2

secunia.com/advisories/14058

securitytracker.com/id?1013036

www.oliverkarow.de/research/WebWasherCONNECT.txt

www.securityfocus.com/bid/12394

exchange.xforce.ibmcloud.com/vulnerabilities/19144

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.051 Low

EPSS

Percentile

93.0%

JSON

Related for CVE-2005-0316

cvelist1 nvd1 nessus1