CVE-2005-2703

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-2703
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/16911 Vendor Advisory
http://secunia.com/advisories/16917 Vendor Advisory
http://secunia.com/advisories/16977 Vendor Advisory
http://secunia.com/advisories/17014 Vendor Advisory
http://secunia.com/advisories/17026 Vendor Advisory
http://secunia.com/advisories/17042 Vendor Advisory
http://secunia.com/advisories/17090 Vendor Advisory
http://secunia.com/advisories/17149 Vendor Advisory
http://secunia.com/advisories/17263 Vendor Advisory
http://secunia.com/advisories/17284 Vendor Advisory
http://securitytracker.com/id?1014954
http://www.debian.org/security/2005/dsa-838
http://www.debian.org/security/2005/dsa-866
http://www.debian.org/security/2005/dsa-868
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
http://www.mozilla.org/security/announce/mfsa2005-58.html
http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
http://www.redhat.com/support/errata/RHSA-2005-785.html
http://www.redhat.com/support/errata/RHSA-2005-789.html
http://www.redhat.com/support/errata/RHSA-2005-791.html
http://www.securityfocus.com/bid/14923
http://www.securityfocus.com/bid/15495
http://www.ubuntu.com/usn/usn-200-1
http://www.vupen.com/english/advisories/2005/1824
https://exchange.xforce.ibmcloud.com/vulnerabilities/22376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/16911 Vendor Advisory
http://secunia.com/advisories/16917 Vendor Advisory
http://secunia.com/advisories/16977 Vendor Advisory
http://secunia.com/advisories/17014 Vendor Advisory
http://secunia.com/advisories/17026 Vendor Advisory
http://secunia.com/advisories/17042 Vendor Advisory
http://secunia.com/advisories/17090 Vendor Advisory
http://secunia.com/advisories/17149 Vendor Advisory
http://secunia.com/advisories/17263 Vendor Advisory
http://secunia.com/advisories/17284 Vendor Advisory
http://securitytracker.com/id?1014954
http://www.debian.org/security/2005/dsa-838
http://www.debian.org/security/2005/dsa-866
http://www.debian.org/security/2005/dsa-868
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
http://www.mozilla.org/security/announce/mfsa2005-58.html
http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
http://www.redhat.com/support/errata/RHSA-2005-785.html
http://www.redhat.com/support/errata/RHSA-2005-789.html
http://www.redhat.com/support/errata/RHSA-2005-791.html
http://www.securityfocus.com/bid/14923
http://www.securityfocus.com/bid/15495
http://www.ubuntu.com/usn/usn-200-1
http://www.vupen.com/english/advisories/2005/1824
https://exchange.xforce.ibmcloud.com/vulnerabilities/22376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
History

21 Nov 2024, 00:00

Type Values Removed Values Added
References () ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt - () ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt -
References () http://secunia.com/advisories/16911 - Vendor Advisory () http://secunia.com/advisories/16911 - Vendor Advisory
References () http://secunia.com/advisories/16917 - Vendor Advisory () http://secunia.com/advisories/16917 - Vendor Advisory
References () http://secunia.com/advisories/16977 - Vendor Advisory () http://secunia.com/advisories/16977 - Vendor Advisory
References () http://secunia.com/advisories/17014 - Vendor Advisory () http://secunia.com/advisories/17014 - Vendor Advisory
References () http://secunia.com/advisories/17026 - Vendor Advisory () http://secunia.com/advisories/17026 - Vendor Advisory
References () http://secunia.com/advisories/17042 - Vendor Advisory () http://secunia.com/advisories/17042 - Vendor Advisory
References () http://secunia.com/advisories/17090 - Vendor Advisory () http://secunia.com/advisories/17090 - Vendor Advisory
References () http://secunia.com/advisories/17149 - Vendor Advisory () http://secunia.com/advisories/17149 - Vendor Advisory
References () http://secunia.com/advisories/17263 - Vendor Advisory () http://secunia.com/advisories/17263 - Vendor Advisory
References () http://secunia.com/advisories/17284 - Vendor Advisory () http://secunia.com/advisories/17284 - Vendor Advisory
References () http://securitytracker.com/id?1014954 - () http://securitytracker.com/id?1014954 -
References () http://www.debian.org/security/2005/dsa-838 - () http://www.debian.org/security/2005/dsa-838 -
References () http://www.debian.org/security/2005/dsa-866 - () http://www.debian.org/security/2005/dsa-866 -
References () http://www.debian.org/security/2005/dsa-868 - () http://www.debian.org/security/2005/dsa-868 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2005:169 - () http://www.mandriva.com/security/advisories?name=MDKSA-2005:169 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2005:170 - () http://www.mandriva.com/security/advisories?name=MDKSA-2005:170 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2005:174 - () http://www.mandriva.com/security/advisories?name=MDKSA-2005:174 -
References () http://www.mozilla.org/security/announce/mfsa2005-58.html - () http://www.mozilla.org/security/announce/mfsa2005-58.html -
References () http://www.novell.com/linux/security/advisories/2005_58_mozilla.html - () http://www.novell.com/linux/security/advisories/2005_58_mozilla.html -
References () http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html - () http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html -
References () http://www.redhat.com/support/errata/RHSA-2005-785.html - () http://www.redhat.com/support/errata/RHSA-2005-785.html -
References () http://www.redhat.com/support/errata/RHSA-2005-789.html - () http://www.redhat.com/support/errata/RHSA-2005-789.html -
References () http://www.redhat.com/support/errata/RHSA-2005-791.html - () http://www.redhat.com/support/errata/RHSA-2005-791.html -
References () http://www.securityfocus.com/bid/14923 - () http://www.securityfocus.com/bid/14923 -
References () http://www.securityfocus.com/bid/15495 - () http://www.securityfocus.com/bid/15495 -
References () http://www.ubuntu.com/usn/usn-200-1 - () http://www.ubuntu.com/usn/usn-200-1 -
References () http://www.vupen.com/english/advisories/2005/1824 - () http://www.vupen.com/english/advisories/2005/1824 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/22376 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/22376 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089 -
Information

Published : 2005-09-23 19:03

Updated : 2024-11-21 00:00

NVD link : CVE-2005-2703

Mitre link : CVE-2005-2703

CVE.ORG link : CVE-2005-2703

JSON object : View

Products Affected

mozilla

  • mozilla_suite
  • firefox
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024