CVE-2004-0612

critical

Description

The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL specification.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/16471

http://www.securityfocus.com/bid/10584

http://marc.info/?l=bugtraq&m=108786444608208&w=2

http://archives.neohapsis.com/archives/bugtraq/2004-06/0420.html

Details

Source: Mitre, NVD

Published: 2004-12-06

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00363