CVE-2005-0316

critical

Description

WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/19144

http://www.securityfocus.com/bid/12394

http://securitytracker.com/id?1013036

http://secunia.com/advisories/14058

http://marc.info/?l=bugtraq&m=110693045507245&w=2

Details

Source: Mitre, NVD

Published: 2005-01-28

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

Detections

Analytics