Vulnerability Details : CVE-2005-3654
Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the heap.
Vulnerability category: Execute codeDenial of service
Products affected by CVE-2005-3654
- cpe:2.3:a:bluecoat:webproxy:4.0:r1h:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:4.0:r1k:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:5.1:r1a:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:5.1:r1d:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:4.0:r1a:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:4.0:r1m:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:4.0:r1n:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:5.1:r1e:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:5.2:r1a:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:4.0:r1e:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:4.0:r1f:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:5.0:r1b:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:5.0:r1c:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:4.0:r1b:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:4.0:r1c:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:4.0:r1p:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:5.0:r1a:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:6.0:r1a:*:*:*:*:*:*
- cpe:2.3:a:bluecoat:webproxy:6.0:r1c:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-3654
3.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-3654
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2005-3654
-
http://securitytracker.com/id?1015442
Patch
-
http://securityreason.com/securityalert/322
-
http://www.securityfocus.com/bid/16149
-
http://www.winproxy.com/products/relnotes.asp
-
http://secunia.com/advisories/18288
Patch;Vendor Advisory
-
http://www.vupen.com/english/advisories/2006/0065
-
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365
Patch;Vendor Advisory
Jump to