CVE-2005-0316

2005-02-1005:00:00

mitre

www.cve.org

6.7 Medium

AI Score

Confidence

Low

0.051 Low

EPSS

Percentile

93.0%

JSON

WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.

References

marc.info/?l=bugtraq&m=110693045507245&w=2

secunia.com/advisories/14058

securitytracker.com/id?1013036

www.oliverkarow.de/research/WebWasherCONNECT.txt

www.securityfocus.com/bid/12394

exchange.xforce.ibmcloud.com/vulnerabilities/19144