Lucene search

MitreCVE-2004-1609

HistoryFeb 20, 2005 - 5:00 a.m.

CVE-2004-1609

2005-02-2005:00:00

mitre

web.nvd.nist.gov

saleslogix

6.1

http response

leakage

usernames

passwords

sensitive information

remote attackers

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.011

Percentile

84.9%

JSON

SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access.

Affected configurations

Nvd

Node

best_softwaresaleslogix

saleslogix_corporationsaleslogixMatch2000.0

VendorProductVersionCPE
best_softwaresaleslogix*cpe:2.3:a:best_software:saleslogix:*:*:*:*:*:*:*:*
saleslogix_corporationsaleslogix2000.0cpe:2.3:a:saleslogix_corporation:saleslogix:2000.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
best_software	saleslogix	*	cpe:2.3:a:best_software:saleslogix::::::::
saleslogix_corporation	saleslogix	2000.0	cpe:2.3:a:saleslogix_corporation:saleslogix:2000.0:::::::*

References

archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.html

marc.info/?l=bugtraq&m=109811852218478&w=2

secunia.com/advisories/12883

securitytracker.com/id?1011769

www.osvdb.org/10946

www.securityfocus.com/bid/11450

exchange.xforce.ibmcloud.com/vulnerabilities/17753

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.011

Percentile

84.9%

JSON

Related for CVE-2004-1609