Lucene search
HistoryOct 03, 2022 - 4:22 p.m.
CVE-2005-4687
punbb
f-art blog:cms
ip address
x-forwarded-for
http header
security vulnerability
cve-2005-4687
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.6%
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client’s IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
Affected configurations
Node
f-art_agencyblog_cmsMatch3.0
ORf-art_agencyblog_cmsMatch3.1
ORf-art_agencyblog_cmsMatch3.1.2
ORf-art_agencyblog_cmsMatch3.1.3
ORf-art_agencyblog_cmsMatch3.1.4
ORf-art_agencyblog_cmsMatch3.6.2
ORf-art_agencyblog_cmsMatch3.6.4
ORf-art_agencyblog_cmsMatch4.0.0
ORf-art_agencyblog_cmsMatch4.0.0a
ORf-art_agencyblog_cmsMatch4.0.0b
ORf-art_agencyblog_cmsMatch4.0.0c
ORf-art_agencyblog_cmsMatch4.0.0d
ORpunbbpunbbMatch1.2.1
ORpunbbpunbbMatch1.2.2
ORpunbbpunbbMatch1.2.3
ORpunbbpunbbMatch1.2.4
ORpunbbpunbbMatch1.2.5
ORpunbbpunbbMatch1.2.6
ORpunbbpunbbMatch1.2.7
ORpunbbpunbbMatch1.2.8
ORpunbbpunbbMatch1.2.9
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.6%
Related for CVE-2005-4687