WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=110693045507245&w=2 | |
http://secunia.com/advisories/14058 | Patch Vendor Advisory |
http://securitytracker.com/id?1013036 | |
http://www.oliverkarow.de/research/WebWasherCONNECT.txt | Exploit Vendor Advisory |
http://www.securityfocus.com/bid/12394 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/19144 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2005-01-28 05:00
Updated : 2017-07-11 01:32
NVD link : CVE-2005-0316
Mitre link : CVE-2005-0316
CVE.ORG link : CVE-2005-0316
JSON object : View
Products Affected
webwasher
- webwasher_classic
CWE