Vulnerabilities > CVE-2005-0316 - Unspecified vulnerability in Webwasher Classic 2.2.1/3.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | WebWasher Classic 2.2/2.3 HTTP CONNECT Unauthorized Access. CVE-2005-0316. Remote exploits for multiple platform |
id | EDB-ID:25066 |
last seen | 2016-02-03 |
modified | 2005-01-28 |
published | 2005-01-28 |
reporter | Oliver Karow |
source | https://www.exploit-db.com/download/25066/ |
title | WebWasher Classic 2.2/2.3 HTTP CONNECT Unauthorized Access |
Nessus
NASL family | Web Servers |
NASL id | WEBWASHER_UNAUTHORIZED.NASL |
description | There is a flaw in the remote WebWasher Proxy. The Proxy, when issued a CONNECT command for 127.0.0.1 (or localhost/loopback), will comply with the request and initiate a connection to the local machine. This bypasses any sort of firewalling as well as gives access to local applications which are only bound to the loopback. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16277 |
published | 2005-01-31 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16277 |
title | WebWasher Classic Server Mode Arbitrary Proxy CONNECT Request |
code |
|