← back
CVE-2005-0316

CVE-2005-0316

EPSS 8.1%
WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/25066unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=110693045507245&w=2http://secunia.com/advisories/14058http://securitytracker.com/id?1013036https://exchange.xforce.ibmcloud.com/vulnerabilities/19144http://www.oliverkarow.de/research/WebWasherCONNECT.txthttp://www.securityfocus.com/bid/12394