CVE-2005-0316

WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.oliverkarow.de/research/WebWasherCONNECT.txt	Exploit Vendor Advisory
http://www.securityfocus.com/bid/12394	Patch Vendor Advisory
http://secunia.com/advisories/14058	Patch Vendor Advisory
http://securitytracker.com/id?1013036
http://marc.info/?l=bugtraq&m=110693045507245&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/19144

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:webwasher:webwasher_classic:2.2.1:::::::*
	cpe:2.3:a:webwasher:webwasher_classic:3.3:::::::*

Information

Published : 2005-01-27 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2005-0316

Mitre link : CVE-2005-0316

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

webwasher

webwasher_classic

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.oliverkarow.de/research/WebWasherCONNECT.txt", "name": "http://www.oliverkarow.de/research/WebWasherCONNECT.txt", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/12394", "name": "12394", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/14058", "name": "14058", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1013036", "name": "1013036", "tags": [], "refsource": "SECTRACK"}, {"url": "http://marc.info/?l=bugtraq&m=110693045507245&w=2", "name": "20050128 WebWasher Classic - HTTP CONNECT weakness", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19144", "name": "webwasher-classic-connect-gain-access(19144)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-0316", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-01-28T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:webwasher:webwasher_classic:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:webwasher:webwasher_classic:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}