CVE-2005-2703

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allow remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
References
Link Resource
http://www.mozilla.org/security/announce/mfsa2005-58.html
http://www.redhat.com/support/errata/RHSA-2005-785.html
http://securitytracker.com/id?1014954
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
http://www.ubuntu.com/usn/usn-200-1
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
http://www.redhat.com/support/errata/RHSA-2005-789.html
http://www.securityfocus.com/bid/14923
http://secunia.com/advisories/16911 Vendor Advisory
http://secunia.com/advisories/16917 Vendor Advisory
http://www.debian.org/security/2005/dsa-868
http://www.redhat.com/support/errata/RHSA-2005-791.html
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://www.securityfocus.com/bid/15495
http://secunia.com/advisories/17042 Vendor Advisory
http://secunia.com/advisories/17090 Vendor Advisory
http://secunia.com/advisories/17149 Vendor Advisory
http://secunia.com/advisories/17284 Vendor Advisory
http://www.debian.org/security/2005/dsa-838
http://www.debian.org/security/2005/dsa-866
http://secunia.com/advisories/17026 Vendor Advisory
http://secunia.com/advisories/17263 Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
http://secunia.com/advisories/16977 Vendor Advisory
http://secunia.com/advisories/17014 Vendor Advisory
http://www.vupen.com/english/advisories/2005/1824
https://exchange.xforce.ibmcloud.com/vulnerabilities/22376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767

Configurations

Configuration 1

OR cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*

Information

Published : 2005-09-23 12:03

Updated : 2017-10-10 18:30


NVD link : CVE-2005-2703

Mitre link : CVE-2005-2703


CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Products Affected

mozilla

  • firefox
  • mozilla_suite