CVE-2005-0316 : WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly

WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.

Published 2005-01-28 05:00:00

Updated 2017-07-11 01:32:13

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2005-0316

Webwasher » Webwasher Classic » Version: 2.2.1
cpe:2.3:a:webwasher:webwasher_classic:2.2.1:*:*:*:*:*:*:*
Matching versions
Webwasher » Webwasher Classic » Version: 3.3
cpe:2.3:a:webwasher:webwasher_classic:3.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-0316

EPSS FAQ

10.76%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-0316

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-0316

http://marc.info/?l=bugtraq&m=110693045507245&w=2
http://www.securityfocus.com/bid/12394

Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19144
http://securitytracker.com/id?1013036
http://www.oliverkarow.de/research/WebWasherCONNECT.txt

Exploit;Vendor Advisory

Jump to

Vulnerability Details : CVE-2005-0316

Products affected by CVE-2005-0316

Exploit prediction scoring system (EPSS) score for CVE-2005-0316

CVSS scores for CVE-2005-0316

References for CVE-2005-0316