Lucene search

[email protected]NVD:CVE-2005-0316

HistoryJan 28, 2005 - 5:00 a.m.

CVE-2005-0316

2005-01-2805:00:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.051 Low

EPSS

Percentile

93.0%

JSON

WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.

Affected configurations

NVD

Node

webwasherwebwasher_classicMatch2.2.1

webwasherwebwasher_classicMatch3.3

References

marc.info/?l=bugtraq&m=110693045507245&w=2

secunia.com/advisories/14058

securitytracker.com/id?1013036

www.oliverkarow.de/research/WebWasherCONNECT.txt

www.securityfocus.com/bid/12394

exchange.xforce.ibmcloud.com/vulnerabilities/19144

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.051 Low

EPSS

Percentile

93.0%

JSON

Related for NVD:CVE-2005-0316

cvelist1 cve1 nessus1