CVE-2005-0316

Опубликовано: 28 янв. 2005

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.

Ссылки

http://marc.info/?l=bugtraq&m=110693045507245&w=2
http://secunia.com/advisories/14058
Patch
Vendor Advisory
http://securitytracker.com/id?1013036
http://www.oliverkarow.de/research/WebWasherCONNECT.txt
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/12394
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19144
http://marc.info/?l=bugtraq&m=110693045507245&w=2
http://secunia.com/advisories/14058
Patch
Vendor Advisory
http://securitytracker.com/id?1013036
http://www.oliverkarow.de/research/WebWasherCONNECT.txt
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/12394
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19144

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:webwasher:webwasher_classic:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:webwasher:webwasher_classic:3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13907

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-rhrp-h4q5-hrfx

github

почти 4 года назад