Lucene search

[email protected]CVE-2004-0612

HistoryDec 06, 2004 - 5:00 a.m.

CVE-2004-0612

2004-12-0605:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

mobile code

zonealarm pro

ssl

remote attack

7.9 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.4%

JSON

The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL specification.

CPENameOperatorVersion
zonelabs:zonealarmzonelabs zonealarmeq5.0.590.015

CPE	Name	Operator	Version
zonelabs:zonealarm	zonelabs zonealarm	eq	5.0.590.015

References

archives.neohapsis.com/archives/bugtraq/2004-06/0420.html

marc.info/?l=bugtraq&m=108786444608208&w=2

www.securityfocus.com/bid/10584

exchange.xforce.ibmcloud.com/vulnerabilities/16471

7.9 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.4%

JSON