Lucene search

[email protected]CVE-2004-1606

HistoryOct 18, 2004 - 4:00 a.m.

CVE-2004-1606

2004-10-1804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-1606

saleslogix

denial of service

vulnerability

http request

error log message

remote attack

7.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.02 Low

EPSS

Percentile

88.6%

JSON

slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie.

CPENameOperatorVersion
saleslogix_corporation:saleslogixsaleslogix corporation saleslogixeq2000.0
best_software:saleslogixbest software saleslogixeq*

CPE	Name	Operator	Version
saleslogix_corporation:saleslogix	saleslogix corporation saleslogix	eq	2000.0
best_software:saleslogix	best software saleslogix	eq	*

References

archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.html

marc.info/?l=bugtraq&m=109811852218478&w=2

secunia.com/advisories/12883

securitytracker.com/id?1011769

www.osvdb.org/10943

www.securityfocus.com/bid/11450

exchange.xforce.ibmcloud.com/vulnerabilities/17750

7.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.02 Low

EPSS

Percentile

88.6%

JSON