Vulnerability Details : CVE-2005-2395
Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.
Products affected by CVE-2005-2395
- cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-2395
0.74%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-2395
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2005-2395
-
http://securityreason.com/securityalert/8
-
http://www.securiteam.com/securitynews/5PP0L00GUQ.html
-
http://www.securityfocus.com/bid/14325
-
https://bugzilla.mozilla.org/show_bug.cgi?id=281851
-
http://www.securityfocus.com/archive/1/405666
Exploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/22272
Jump to