Lucene search

[email protected]CVE-2004-2649

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2649

2004-12-3105:00:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2004-2649

eudora

url obfuscation

remote attackers

security vulnerability

7.5 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.018 Low

EPSS

Percentile

88.0%

JSON

Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in the status bar by inserting a large number of characters (e.g. spaces coded as “&#32”) in the middle of the URL.

CPENameOperatorVersion
eudora:eudoraeudoraeq6.1.0.6

CPE	Name	Operator	Version
eudora:eudora	eudora	eq	6.1.0.6

References

archives.neohapsis.com/archives/bugtraq/2004-05/0066.html

secunia.com/advisories/11581

securitytracker.com/alerts/2004/May/1010117.html

www.eudora.com/download/eudora/windows/6.1.2/RelNotes.txt

www.osvdb.org/6009

www.securityfocus.com/bid/10305

exchange.xforce.ibmcloud.com/vulnerabilities/16105

7.5 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.018 Low

EPSS

Percentile

88.0%

JSON

Related for CVE-2004-2649

cvelist1