Lucene search

[email protected]CVE-2005-4514

HistoryDec 23, 2005 - 1:03 a.m.

CVE-2005-4514

2005-12-2301:03:00

[email protected]

web.nvd.nist.gov

webwasher

csm

appliance

suite

script detection

token

case-sensitive

cve-2005-4514

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.5%

JSON

The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case. NOTE: the vendor has stated that this problem could not be reproduced, and has asked the researcher for more information, without a response as of 20060103

Affected configurations

NVD

Node

webwashercsm_appliance_suiteMatch5.0

CPENameOperatorVersion
webwasher:csm_appliance_suitewebwasher csm appliance suiteeq5.0

CPE	Name	Operator	Version
webwasher:csm_appliance_suite	webwasher csm appliance suite	eq	5.0

References

securityreason.com/securityalert/293

www.securityfocus.com/archive/1/420106/100/0/threaded

www.securityfocus.com/archive/1/420158/100/0/threaded

www.securityfocus.com/archive/1/420678/100/0/threaded

www.securityfocus.com/bid/16047

exchange.xforce.ibmcloud.com/vulnerabilities/23884

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.5%

JSON

Related for CVE-2005-4514

nvd1 cvelist1