WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=110693045507245&w=2 | |
http://secunia.com/advisories/14058 | Patch Vendor Advisory |
http://securitytracker.com/id?1013036 | |
http://www.oliverkarow.de/research/WebWasherCONNECT.txt | Exploit Vendor Advisory |
http://www.securityfocus.com/bid/12394 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/19144 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-02-10T05:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-02-10T00:00:00
Link: CVE-2005-0316
JSON object: View
NVD Information
Status : Modified
Published: 2005-01-28T05:00:00.000
Modified: 2017-07-11T01:32:13.453
Link: CVE-2005-0316
JSON object: View
Redhat Information
No data.
CWE