Vulnerability CVE-2005-0316
Published: 2005-01-28   Modified: 2012-02-12

Description:
WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Webwasher -> Webwasher classic 

 References:
http://www.securityfocus.com/bid/12394
http://secunia.com/advisories/14058
http://xforce.iss.net/xforce/xfdb/19144
http://www.oliverkarow.de/research/WebWasherCONNECT.txt
http://marc.theaimsgroup.com/?l=bugtraq&m=110693045507245&w=2
http://securitytracker.com/id?1013036
Copyright 2024, cxsecurity.com

 

Back to Top